Monday, November 23, 2009

Google Hacking Renders Redaction Futile

Lately, I've been looking at tons of SQL injections and SWF login blog posts and screen captures. I notice most hackers attempt to redact the compromised URLs. However, in most cases there is enough information from the screen captures to find the sites.

The attempt to redact the information is an attempt to protect the innocent. The latest instance of this was a blog post on a Symantec SQL Injection that yielded tons of information including serials and passwords. The image below is a screen capture posted within the blog post.

Next, I visit Google and type: intitle:Teacher Sima

This is just basic Google Hacking here, nothing advanced. This is something I've been instinctively doing when I see something like this.

So the question is "Why redact?"



  1. Good question.

    Effective redaction is still possible but it takes a lot more work that merely blanking out parts of the URL. It can mean looking at the entire screen shot and redacting lot more.

    Even if the screen shot was redacted to blur out the page's title, the Japanese text shown *might* have been sufficient to have a good go at finding the actual site. (I don't know for sure since I cannot read Japanese and didn't have time to play around with katakana and kanji today.)

  2. Lately, I've been looking at tons of SQL injections and SWF login blog posts and screen captures. Football Trophies

  3. I am glad to find your impressive way of writing the post. Now it become easy for me to understand and implement the concept. Thanks for sharing the post.Read more

  4. Thank you so much... your blog is giving very useful knowledge for all.i didn’t have the knowledge in this now i get an idea about this..
    thks a lot:-)To know more Read here

  5. Legal hacking experts detect security weakness in a system which facilitates the entry for online cyber criminals. hack FB

  6. As more and more people discover the many possibilities of having their own website, more of these pages are being created on the internet. It is essential that a website is created in more than just a way that is attractive to visitors. It should also be protected in such a way that there is a higher level of security.

    Random Password