Researchers this week will release new, free, search engine-based data mining tools that can identify and extract sensitive information from many popular cloud-based services, potentially enabling enterprises to identify potential security vulnerabilities before cybercriminals do. The researchers, Francis Brown and Robert Ragan of security consulting firm Stach & Liu, at the Def Con conference in Las Vegas will also release new techniques that use search engines to identify security vulnerabilities in software--a process popularly known as "Google hacking"--and to pinpoint malicious websites hosting malware.
Brown and Ragan, who have been developing and publishing their "Search Diggity" tools for two years, say they have built the industry's largest database of search engine-exposed security vulnerabilities and threats, which is also being made available as a free tool for security professionals and researchers.
The new round of software tools can be used to identify security vulnerabilities and sensitive data not only on the enterprise's own systems, but also on associated networks and cloud services. One of the tools, called NotInMyBackYardDiggity, enables security professionals to search all sites that may contain information about their enterprises--including sites such as Twitter, Dropbox, PasteBin, and Google Docs.
Your networks may be under attack as you read this, but unless your security personnel are analyzing logs and leveraging common tools that are well known to your network operations teams, you may not find out until it is too late. In our What's Going On?: Monitor Networks To Thwart Intrusions report, we explain how your security and network teams can cooperate and use common tools to detect threats before your databases are compromised. (Free registration required.)
