Modernizing Authentication — What It Takes to Transform Secure Access
We've all known for awhile that Google indexes (nearly) everything, both good and bad. Guys like Johnny 'I Hack Stuff' Long have even made a career out of using Google to find site vulnerabilities, an activity commonly referred to as 'Google Hacking.'
Now at long last, Google itself is getting in on the action.
This week Google launched new webmaster tools that will show site owners any malware located on their site.
There is more info that can be publicly discovered that could really help out webmasters in the battle against malware and site vulnerabilities.
For example, one common Google Hack is simply a custom search query for
username/password in unprotected files/directories. The new webmaster
tool won't show that as malware, since it's not, but it still is a
vulnerability that a Google 'hacker' could find.
The other item that users will still need to find on their own are incidents of Cross Site Scripting (XSS) or Cross Site Request Forgery (CSRF) vulnerabilities. Again, these are items that technically aren't malware, but are still vulnerabilities.
The new tools are a great start and will clearly help to webmasters to identify where they might have malware files sitting on their sites. Most webmasters likely don't want to be distributing malware and every additional tool (especially a free one like this) is another weapon to the attack the problem.
Article courtesy of InternetNews.com.