Hackers have obtained a digital certificate good for any Google website from a Dutch certificate provider.

Criminals could use the certificate to conduct “man-in-the-middle” attacks targeting users of Gmail, Google’s search engine or any other service.

Attackers could poison DNS, present their site with the fake cert and bingo, they have the user’s credentials.

Man-in-the-middle attacks could also be launched via spam messages with links leading to a site posing as, say, the real Gmail. If recipients surfed to that link, their account login username and password could be hijacked.

Details of the certificate were posted on Pastebin last Saturday.

The SSL certificate is valid, and was issued by DigiNotar, a Dutch certificate authority, or CA.

It’s unclear whether the certificate was obtained because of a lack of oversight by DigiNotar or through a breach of the company’s certificate issuing website.

Given their ties to the government and financial sectors it’s extremely important to find out the scope of the breach as quickly as possible. The situation was reminiscent of a breach last March, when a hacker obtained certificates for some of the Web’s biggest sites, including Google and Gmail, Microsoft, Skype and Yahoo.

Then, Comodo said that nine certificates had been fraudulently issued after attackers used an account assigned to a company partner in southern Europe.

Initially, Comodo argued that Iran’s government may have been involved in the theft. Days later, however, a solo Iranian hacker claimed responsibility for stealing the SSL certificates.

Google’s servers can be used by cyber attackers to launch DDoS attacks, claims Simone “R00T_ATI” Quatrini, a penetration tester for Italian security consulting firm AIR Sicurezza.

Quatrini discovered that two vulnerable pages – /_/sharebox/linkpreview/ and gadgets/proxy? – can be used to request any file type, which Google+ will download and show – even if the attacker isn’t logged into Google+.

By making many such request simultaneously – which he managed to do by using a shell script he’s written – he practically used Google’s bandwidth to orchestrate a small DDoS attack against a server he owns.

He points out that his home bandwidth can’t exceed 6Mbps, and that the use of Google’s server resulted in an output bandwidth of at least 91Mbps.

“The advantage of using Google and make requests through their servers, is to be even more anonymous when you attack some site (TOR+This method); The funny thing is that apache will log Google IPs,” says Quatrini. “But beware: igadgets/proxy? will send your IP in apache log, if you want to attack, you’ll need to use /_/sharebox/linkpreview/.”

He says he has discovered the flaws that allow the attack on August 10 and that he contacted Google’s Security center about it. After 19 days of receiving no reply from Google, he published his findings.

cDc (Cult of the Dead Cow) recently released a GUI driven tool for Google Hacking called Goolag.

Google Dorks have been around for several years.

If one searches the Web, one will find multiple collections of dorks, and also some applications – standalone and Web-based – offering certain “scanning” possibilities.

Nevertheless, gS is different from other applications released to date for the following reasons:
* There is no need for a special tool to use dorks other than a browser, but scanning hundreds of dorks ‘by hand’ is impossible.
* Goolag Scanner is focused on usability. It simplifies the use of myriad numbers of dorks to a few mouse clicks. No cryptic command line options and no knowledge of Google hacking are required to test one’s host.
* Goolag Scanner comes with its own dorks-database, but it is not limited to such.
* gS uses a very simple xml-document, which is readable and part of the distribution.

This software requires Microsoft .NET Framework Version 2.0.

Download Goolag Beta 1.0.0.41 :
http://goolag.org/download.html

More Info :
http://goolag.org/specifications.html

“Google Hack” Honeypot Project
Google Hack Honeypot is written in PHP and assists the development of web based honeypots designed to lure search engine hackers.

Currently available for special google hacking search queries for AimBuddyList, .mdb, passlist.txt, passwd.txt, phpsysinfo, phpbbinstall_r2l, phpshel, php_ping, etc.

Current version :- GHH v1.2
Last Update :- Apr 07 2007
Homepage :- http://sourceforge.net/projects/ghh/