Google: A Hacker's Best Friend?

When Johnny Long wants information online, he turns to the same tool as most people: Google. But unlike the average Web user, Long isn't usually looking for Paris Hilton news and movie reviews. He's digging for credit card information, Social Security numbers and other private data stashed on corporate servers.

Long isn't a cyber-criminal--he just plays one in his day job, as a researcher for the information technology services company Computer Sciences (nyse: CSC - news - people ). But he is a hacker, one with a talent for innovating new ways to penetrate corporate servers, albeit for testing purposes only. He's also the author of Google Hacking for Penetration Testers, a best-selling book that shows how to use seemingly harmless Google (nasdaq: GOOG - news - people ) searches to uncover surprisingly sensitive information.

Long spoke with Forbes.com about his forthcoming book, a more general kind of "Hacking for Dummies" guide to hacking without technical knowledge, and the tricky question of whether to publicize hacking techniques that require little more than a search engine and two hands.

Forbes: What is "Google hacking"?

Long: Google hacking is really just a subset of something I call "no-tech hacking." You use un-technological methods to break technology. After 10 years of trying, I've discovered a whole pile of ways to do that. Dumpster diving (looking in office trash for security information); tailgating someone into a secured facility; pretending to be a UPS guy or a repair guy or a delivery guy ... these things work almost all the time and require very little technical knowledge.

So where does Google come in?

In the beginning, we'd use Google to case the companies we'd be trying to penetrate. But we discovered that the Google searches we were running were returning more information about the company than they might realize. Just by doing a search on a Web site, we'd find a password or usernames that would grant us access.

Google hacking grew out of that. You perform a Google search looking for sensitive information that either gives direct access to a network, or something subtle that could be used in conjunction with other finds.

What kinds of vulnerabilities in Web sites have you found through Google hacking?

We have examples where you can put in a Google query and immediately get access to part of a site that already has you logged in as an administrator. We discovered that just by searching for certain terms, you could find personal information like credit card numbers, Social Security numbers, anything an attacker would need for identify theft. On some education institution sites, we'd find entire Excel spreadsheets with students' names, Social Security numbers and even grades. But that's low-hanging fruit.

Without getting too technical, what's an example of a more subtle case, where you combine Google hacking with more advanced hacking?

For example, Google can help you find where an SQL server is vulnerable. SQL is basically the language of databases. Just by putting the right terms into a form on the Web, like a registration form on a site, you can do something called "SQL injection." Basically, your input into the form is confused with SQL code, and that can allow you to read data directly from a database, simply by typing into a Web login form.

Google allows you to find those vulnerabilities. If you type "MySQL error with query" into Google, some of the results will tell you which Web sites have had this error message, and that's the first step to an SQL injection. It's a nice way to do reconnaissance. It probes the Web very broadly without interacting directly with any target site, so it's difficult to detect.

Is Google becoming a more powerful tool for hackers?

Search engine popularity in general has been growing. But more importantly, the Web 2.0 movement means that everything is moving out to the Web. There's an absolute explosion of corporate and personal information out there.

Do you worry about the ethics of publicly discussing these tricks?

It's a huge debate in our industry. There are two camps: One camp says that when you talk about vulnerabilities you give bad guys ideas, but another camp says that you're helping good guys protect against bad guys. In the case of Google hacking, certain queries, like credit card queries, are very deadly stuff. So I've never talked about how to do a credit card query, though I've talked about the risk. It's a very fine line. I have to leave out enough information to avoid getting someone into trouble, but give the audience an idea of what's going on. So I always try to think about what it would mean to be on the other side of getting hacked, and I keep my professional clients in mind.

By Andy Greenberg

"are you doing the hard way?"

Suppose you could sit down, write a simple letter to your
prospects, mail it (or email it) and then your phone starts
ringing off the hook.
Imagine...one letter could bring you tons of hot leads and
new customers, get them to keep buying products over and
over again, and even provide you with a constant stream
of referrals.
So anytime you need more business - you simply turn the tap
on... it's like having the goose that lays the golden egg.
(Except, in this case, you're creating tons of hot, qualified
prospects - raising their hands to join your business.)
Sound too good to be true?
Well, let's think about it.
A sales letter is the most powerful "master prospector"
you could ever hire. For about the price of a cup of coffee
(or just the cost of turning on your computer if you're using
email) - it will relentlessly go out and deliver your message perfectly. Every time.
It will never call in sick.
It will never complain.
And it will never quit on you.
Simply put, a powerful sales letter is like having a little
automatic, money-making downline robot working for you,
tirelessly...day and night.
But Creating That Winning Sales Letter Is The Hard Part...
It could take you years and can cost you a small fortune to
figure out just the right combinations that make some sales
letters work - while others fall flat on their face.
But instead of knocking yourself out trying to come up
with just the right sales letter, you can now have an entire
collection of hard-hitting, profit-generating sales letters
for your MLM business, ready at your beck and call...

"Not to worry about Google"

Recently I've been hearing about a handful of Internet marketing "gurus" who seem to be intentionally misleading people. They're saying you DON'T need to worry about getting good rankings in Google, Yahoo! and MSN.

That's news to me!

Apparently, these gurus are telling people to focus only on traffic strategies like pay-per-click search engines, free content, blogging, and viral videos. They're saying not to worry about organic search marketing because it's a waste of time.

Now all those other strategies are valuable sources of traffic... but they don't hold a candle to the free search engines!

I'm going to be blunt, and I'm sure I'll ruffle some feathers when I say this -- but the fact is, anyone who says that Google, Yahoo! and MSN are a waste of time doesn't know how to get good rankings for their own sites!

But instead of admitting they don't know how to market their own businesses in the search engines, they'd rather lie to their students and say it's not important. And that is doing a HUGE disservice to their students and damaging their chances of success.

I'll be the first to admit: getting top search engine rankings is not an overnight job. But it's not what I'd call exceptionally difficult.

With the right information -- and a systematic approach to building a solid SEO campaign that gives the search engines what they're looking for -- you will get good rankings eventually.

The more competitive your market, the longer this can take... but persistence will pay off.

Does the benefit justify the effort? Well, in my humble opinion... absolutely.

Research has shown that a listing in the organic search engines will get 3 times as many click-throughs as the equivalent pay-per-click listing. AND, it'll have a 17% higher sales conversion! Those numbers sound good to me :-)

Search engine marketing isn't rocket science. It's a process. If you follow that process and stay on top of the latest tips and tricks you'll definitely see a profit.

By Derek Gehl

Internet MLM Homebased Business

When thinking of starting a network multi-level marketing (MLM) internet home based business, you will need a business plan just as any other type of business if you hope to make it successful. It is more than the often-believed three-part strategy of start business, get rich, retire young. While that may happen one in 100,000 times, you will have to be extremely lucky to see it happen to you.

To begin to create a network marketing strategy you will need to decide on the type of business, or businesses, you hope to market as well as the target market you hope to hit. Knowing the product or service is a great first step in establishing yourself as a knowledgeable force on your way to success. Write out your plan of in what position do you want to find yourself in the short and long term as well as how you plan to reach those goals. Since many network marketing MLM efforts involve affiliate marketing you will need to discover which companies will accept pay for performance advertising and how to best leverage yourself as a leader in the market. You will also want to plan on whom to recruit to help you with your efforts.

Plan to grow your internet home based business slowly and avoid the allure of quick profits because chances are they will not materialize anyway, and it reduces the chance of failure. As your internet home based business network marketing MLM company grows, mark off the goals you set as you reach them and when you see yourself growing faster than planned, adjust your goals to a level that will have you reaching higher than you initially thought was possible.

Get involved in the affiliate marketing program of your choice that offers the best method of reaching higher goals and then teach others how you have accomplished all that you have, This will help ensure their success as well as increasing your future income from their efforts as well as your own, and plan to recruit others into your home based business online. When they have been firmly trained and are working successfully, work with them to recruit additional people to help them more money, as well as improving your own standard of living.

You can also use your proven network marketing MLM internet home based business strategy to create additional streams of income to better diversify your income in case something should happen to the first. You will never be without an income source as long as you maintain diversity in your internet home based business.

internet home based network marketing MLM has no large capital investment, no quotas on production and you are not limited in where in the country you can live. There are also tax advantages to a home based business online, not to mention the additional income that everyone can find useful.