Vulnerability scanners need to be taken more seriously

The organisation is making the point that tools are available to analyse Internet presence and detect inadvertent exposures that might be found by search engines and in turn found by so-called ‘advanced searches’. “Vulnerability scanners have been around for a while, but they tended to focus on known exploits, used by hackers to gain illicit access to your systems via the internet,” comments Alan Woodward, Charteris’ chief technology officer. “The whole black art of using the data collected by search engines to identify vulnerable sites has become known generically, and rather unfairly, as ‘Google Hacking’. In the last few months well-known vendors of security testing software have added a facility for detecting Google Hacking to the features of their security software.” He makes the point, however, that there is an ever-increasing range of new ways that hackers find to exploit Google and other search engines to access information. “Because of this, whatever vulnerability scanner you use must be regularly updated in just the same way that you need to keep virus checkers updated,” says Woodward. “The checks you make, or instruct your computer specialist to carry out on your behalf, should include a vulnerability check against Google Hacking – and also incorporate defences against all known types of past and current hacking techniques that use Internet search engines.” He warns that the likelihood of this kind of attack occurring is increasing all the time. “Using vulnerability scanners is essential if you want the peace of mind that your computer system is protected against this kind of dangerous interference and unauthorised viewing,” he advises.