Web Pages that Show Up Everywhere

Speaking of web search engines, yet another web-related security issue is similar to the issue of email retention. Once a piece of information is out on the web, it really DOES seem to consciously WANT to be free.

Be Careful What You Post

Search engines can also introduce some issues. One of the contributors to this book believes that Google once picked up a page on one of his websites that's not linked to by his or *any* site on the web, and says he can prove it via Hitbox tracker, amongst other things. Google is a powerful search tool for people looking for stuff they shouldn't have access to!


For example, documents get picked up by random surfers and reposted to other sites (with or without the original webmaster’s permission), or a search service like Google snares a copy of it for indexing purposes, kindly squirreling it away in its cache for searchers’ convenience later. After all, it’s quite an inconvenience to an attacker when he sees that the memo about the default password policy for new system accounts, which he found through Google, is no longer on-line at its original site. Google empathizes with the attacker, and provides him a cached copy of the document, as originally indexed, from its own terabytes (petabytes?) of disk upon request. One of your authors discovered the default password policy for a state government division this way, during an audit.

Also, to ensure that no bad site design ever goes unremembered by history, there’s the Internet Archive Wayback Machine [213]. This is a time-based web archiving service that takes snapshots of web pages periodically, allowing it to serve as a history of the evolution of web sites throughout the months and years. As with the Google cache, in addition to providing a look at what the site was like at a certain time, it could also provide access to data that the site has since thought to remove from public view.
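A site owner can audit this for pages they have already taken down. The following is an added example, not part of the original guide: it classifies responses in the JSON shape of the Wayback Machine availability API (`https://archive.org/wayback/available?url=...`) against the dates a document was published and removed. The page paths, dates, responses and function names are all constructed for illustration.

```python
import json
from datetime import datetime

def snapshot(ts=None, status="200"):
    """Build a constructed response in the availability API's JSON shape."""
    if ts is None:
        return json.dumps({"archived_snapshots": {}})
    closest = {"status": status, "available": True, "timestamp": ts,
               "url": f"http://web.archive.org/web/{ts}/http://www.example.org/"}
    return json.dumps({"archived_snapshots": {"closest": closest}})

# Constructed inventory: page -> (published, removed, API response body).
REMOVED_PAGES = {
    "/memos/default-passwords.html": ("20040105", "20040401", snapshot("20040310120000")),
    "/staff/phone-list.html": ("20040601", "20040615", snapshot("20031120080000")),
    "/drafts/network-map.html": ("20040801", "20040802", snapshot()),
    "/old/login-help.html": ("20040201", "20040301", snapshot("20040501000000", "404")),
}

def classify(raw_json, published, removed):
    """Return (verdict, archive_url) for one removed page."""
    snap = json.loads(raw_json).get("archived_snapshots", {}).get("closest")
    if not snap:
        return "not-archived", None
    if not snap.get("available") or snap.get("status") != "200":
        return "no-usable-copy", snap.get("url")
    taken = datetime.strptime(snap["timestamp"], "%Y%m%d%H%M%S")
    start = datetime.strptime(published, "%Y%m%d")
    # Treat the whole removal day as still live.
    end = datetime.strptime(removed + "235959", "%Y%m%d%H%M%S")
    if taken < start:
        return "predates-document", snap["url"]
    if taken <= end:
        return "exposed", snap["url"]
    return "captured-after-removal", snap["url"]

def audit(pages):
    """Classify every removed page; 'exposed' entries need follow-up."""
    return {path: classify(body, pub, rem)[0] for path, (pub, rem, body) in pages.items()}

if __name__ == "__main__":
    for path, verdict in audit(REMOVED_PAGES).items():
        print(f"{verdict:24} {path}")
```

An `exposed` verdict means a snapshot was taken while the document was live, so its contents should be treated as still public even though the original page is gone.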


 __________________

213. http://www.archive.org

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.