Apr 12, 2016

What is 'Google dorking' and why is it a security threat?

Google dorking = hacking , in websites or apps by means of search results , configuration, codes.

is it a threat?

Yes it is!

Untill Google solves it or some body else
That is so stupid, the fault is not with google. It's with people that make sensitive info that easily to get a hold of. If I were google I would make using "google dorking" more visible. Maybe like put a big fat button on the homepage that explains everything you can do with it.
The FBI and Dept. of Homeland Security issued a press release about the risks posed by Google dorking:

"Malicious cyber actors are using advanced search techniques, referred to as“Google dorking,” to locate information that organizations may not have intended
to be discoverable by the public or to find website vulnerabilities for use in subsequent cyber attacks. “Google dorking” has become the acknowledged term for this malicious activity, but it applies to any search engine with advanced search capabilities. By searching for specific file types and keywords, malicious cyber actors can locate information such as usernames and passwords, e-mail lists, sensitive documents, bank account details, and website vulnerabilities. For example, a simple “operator:keyword” syntax, such as “filetype:xls intext:username,” in the standard search box would retrieve Excel spreadsheets containing usernames. Additionally, freely available online tools can run automated scans using multiple dork queries."

Google dorking or hacking refers to a technic of searching with specific parameters. Such as specifying a search for a particular document type or a keyword used with in a URL. While this is offered by Google to assist with basic searches, it can also be exploited to obtain information that was not intended to be shared out. There are a number of known cases where Google docking was used to obtain private information and left many companies vulnerable to future attacks.
CSO has an article with some specific examples http://www.csoonline.com/article/2597556/social-engineering/fbi-issues-warning-about-creative-google-searches.html
Answer this