Information Security Tips Series: Google Hacking (Offbeat 972)

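"Google Hacking" means improving one's skill with Google search in order to collect information for use in intrusion attacks.

Impact on general users
"Google Hacking" does not steal your personal data online, but it does show data that has already been made public on the web and stored by Google. For example, if someone once put your name, phone number and email address on the web, such as on a blog, you can use Google search to find this information. But if you search by phone number alone, you will not find it, because Google has restricted this type of search.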

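How to carry out "Google Hacking"
First find content of the right scope, then narrow down the search results obtained from Google. The following operators are the key elements for building Google queries; the XXX inside the square brackets is the search keyword.

*    ["XXX XXX"]: Put double quotes around two or more words and Google will use exactly that combination of words as the search condition.

*    [-XXX]: Put a minus sign before a word and the search results will exclude content containing that word.

*    [~XXX]: This symbol means "similar". If you add it before a search keyword, you will get results close in meaning to that keyword. For example, searching [security ~manual] returns results for related terms such as "security manual" and "security guide".

*    [XXX * XXX]: The asterisk "*" is a wildcard for one word.

*    [XX..XX]: The two-dot operator is used between two numbers to search for values between them, e.g. [age 20..25].

*    [filetype:XXX]: This operator restricts the results to the XXX file format, e.g. [security manual filetype:doc] returns all security manual results in doc format.

*    [site:XXX]: With this operator, all search results are restricted to that website or domain. For example, [form site:police.gov.hk] finds all content on the Police Force website that contains the word "form".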

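Google stores a large amount of website data in its database. When you search this database, the target website will not know that you have searched its site, because you never actually visited it. This makes your tracks disappear, much like using a proxy server. Moreover, even if the target website has already deleted old data from its own site, you can still obtain that old data.

How to protect privacy

As users, what we care about is which of our data is public on the web, especially content on social networking sites such as Facebook or online forums. Although we cannot control the settings of those sites or web servers to stop them from leaking our information, by using "Google Hacking" techniques to search the data a site makes public, we can understand what data the site will disclose. If we do not agree with their privacy terms and settings, we should refuse to use their services.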

Google Hacking is the skill of optimising the use of the Google search engine to collect information for hacking.

Impact on general users

Google Hacking does not steal your personal information from the Internet; it shows search results for information that has been published on the web and captured by Google. For example, if someone published your name, phone number and email address on the web in the past, such as on a blog, you may find those records with Google search. However, if you search for the phone number alone, you will not find the record, because Google restricts that kind of request.

 

How to do Google Hacking?

The first step is to locate the right content and then narrow down the volume of search results from Google. The following operators are the key elements for building Google queries (inside the square brackets, XXX stands for your search keywords):

*    ["XXX XXX"]: A quoted phrase searches for the exact wording between the quotes.

*    [-XXX]: The word after the minus sign is excluded from the results.

*    [~XXX]: This means "similar to". Google returns results similar to the XXX keyword, e.g. [security ~manual] returns results with "security manual", "security guide", etc.

*    [XXX * XXX]: The asterisk * is a wildcard for a single word.

*    [XX..XX]: The dots operator is placed between two numbers to search for any number between them, e.g. [age 20..25].

*    [filetype:XXX]: This operator restricts the results to the XXX file format, e.g. [security manual filetype:doc] returns all results in doc file format.

*    [site:XXX]: Results for a query with this operator come from the specified website or domain only, e.g. [form site:police.gov.hk] returns content containing the word "form" from the Police Force website.

Google stores website content in its database. When you search this database, the target websites will not have your IP address in their logs, because you are not actually visiting their sites, so you are hidden from the target. You can also get historical data even after the target has removed it from its website.

How to protect privacy?

As end-users, we are concerned about what we have disclosed on the web, especially on social networking media such as Facebook, web forums, etc. Even though we cannot control those websites and their web server settings to prevent them from leaking our information, by using Google Hacking techniques to search the publicised content we can learn what will be disclosed by those websites. If we don't agree with a site's privacy policy and settings, we may refuse to use its services.
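
As an added example (not part of the original post), the Python sketch below composes the operators listed above into self-audit queries that a user can run against their own name and e-mail address. The function names, the sample identity and the listed sites are assumptions made up for illustration.

```python
from urllib.parse import quote_plus

def build_query(words=(), phrase=None, exclude=(), site=None,
                filetype=None, num_range=None):
    """Compose one query from the operators listed in this post."""
    parts = list(words)
    if phrase:
        # ["XXX XXX"]: exact phrase; drop stray quotes so the phrase stays closed
        parts.append('"%s"' % phrase.replace('"', ' ').strip())
    if num_range:
        lo, hi = num_range
        if lo > hi:
            raise ValueError("range must be low..high")
        parts.append("%d..%d" % (lo, hi))            # [XX..XX]
    for word in exclude:
        if " " in word:
            raise ValueError("[-XXX] takes a single word: %r" % word)
        parts.append("-" + word)                      # [-XXX]
    if filetype:
        parts.append("filetype:" + filetype.lstrip(".").lower())  # [filetype:XXX]
    if site:
        # [site:XXX] takes a bare host or domain, not a full URL
        host = site.split("://")[-1].split("/")[0].lower()
        parts.append("site:" + host)
    return " ".join(parts)

def self_audit_queries(full_name, email, sites, doc_types=("doc", "pdf")):
    """Queries a user can run to see what is already public about themselves."""
    queries = [build_query(phrase=full_name), build_query(phrase=email)]
    for site in sites:        # what a given service exposes under your name
        queries.append(build_query(phrase=full_name, site=site))
    for ext in doc_types:     # published documents that carry your e-mail address
        queries.append(build_query(phrase=email, filetype=ext))
    return queries

def search_url(query):
    """URL-encode a query for the standard Google search endpoint."""
    return "https://www.google.com/search?q=" + quote_plus(query)

if __name__ == "__main__":
    # Constructed sample identity and sites; replace with your own details.
    for q in self_audit_queries("Chan Tai Man", "taiman@example.com",
                                ["facebook.com", "https://forum.example.com/u/"]):
        print(q, "->", search_url(q))
```

Running the same queries again after changing a site's privacy settings shows whether the setting has changed what the search engine returns.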
