SecTor: Walking out of Googless Google security talk
TORONTO. The term Google Hacking is not a new one - and it's definitely an interesting topic to learn about how you can use Google to attack or protect sites.
That was the promise of the Googless session at SecTor run by OWASP researcher Christian Heinrich. Unfortunately Heinrich's presentation was a little strung out and heavy on the obvious features of Google. So much so that by my estimation at least 40 percent of the people that were in the session when it began left before it ended.
From my point of view I gleaned at least one small tidbit. Heinrich has created a tool called TCP Input Text which extracts TCP Ports from Google Search Results. It's an interesting little tool that could be used for profiling without triggering an IPS/IDS. He also demonstrated how his Google tool could be integrated with the NMAP security tool to get an even more accurate profile.
Heinrich argued that the OWASP Google Hacking effort is not a violation of Google's Terms of Service, though he did note that Google has complained to OWASP executives about the project.That said Heinrich claimed that Google has recently offered him a job as Google Security Team lead in Australia.