
SANS ISC: InfoSec Handlers Diary Blog



Egosurfing, the corporate way

Published: 2010-09-26
Last Updated: 2010-09-26 15:05:47 UTC
by Daniel Wesemann (Version: 1)

Neither egosurfing nor Googledorks are anything new, of course. Large corporations nowadays retain marketing firms to do search engine analysis for them, but these marketing firms focus on, well, marketing and branding issues only. They are unlikely to ever tell you that your web site shares that Excel file with the customer names or that student application form with the SSNs.

To make sure, go ego-surfing for your company or organization every now and then. Search for the domain name ("site:mydomain.com") and then narrow down the results by using Google's advanced search operators, like "filetype:xls". GoogleGuide has a good list and description of the search operators that Google supports.

You can also use the basic exclusion technique ("-hay -grass -weeds") to whittle down the haystack until only the needles are left. This approach works particularly well if you don't quite know what you are looking for.

One caveat: keep at this for long enough, and Google's dork-defense will kick in and refuse to answer your search queries, because Google thinks you are a bad guy out looking for ways to attack your organization. So, just in case, do not perform these searches over an internet connection that you share with others, as its IP address might become temporarily blocked by Google.
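The query recipe above (site:, then filetype:, then exclusions) as a small helper for auditing your own domain; this is an added example, not part of the original diary. The file-type list, the function names and the sample exclusion terms are assumptions, and the URLs it produces are meant to be opened by hand in a browser, a few at a time.

```python
import re
from urllib.parse import quote_plus

# Assumed starting list of document types worth reviewing; adjust to your site.
FILETYPES = ["xls", "xlsx", "csv", "doc", "pdf"]

# Accept only a bare host name, so a pasted URL or stray operator is rejected.
_DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$"
)


def build_query(domain, filetype=None, exclude=()):
    """Return one search string: site:<domain> [filetype:<ext>] [-term ...]."""
    domain = domain.strip().lower()
    if not _DOMAIN_RE.match(domain):
        raise ValueError(f"not a bare domain name: {domain!r}")
    parts = [f"site:{domain}"]
    if filetype:
        parts.append(f"filetype:{filetype.lstrip('.').lower()}")
    for term in exclude:
        term = term.strip().lstrip("-")
        if not term:
            continue
        # A multi-word exclusion is quoted so the minus applies to the phrase.
        parts.append(f'-"{term}"' if " " in term else f"-{term}")
    return " ".join(parts)


def audit_queries(domain, filetypes=FILETYPES, exclude=()):
    """One query per file type, each paired with a URL to open by hand."""
    out = []
    for ext in filetypes:
        q = build_query(domain, ext, exclude)
        out.append((q, "https://www.google.com/search?q=" + quote_plus(q)))
    return out


if __name__ == "__main__":
    # mydomain.com is the placeholder from the diary; exclusions are constructed.
    for query, url in audit_queries("mydomain.com",
                                    exclude=["brochure", "press release"]):
        print(query)
        print("   ", url)
```

Grow the `exclude` list between runs as you recognise documents that are meant to be public, until only the unexpected results remain.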
