nCircle.com >> 360 Security

« OSX Security: PPC, FreeBSD, or Market Share? | Main | SCADAGard SIG To Be Established »

Google Long Defcon inurl:ncircle intitle:blog

Johnny Long is best known for his Google hacking website located here. His website, if you have never visited it before, consists of many ways that one could query the web pages that Google spiders and caches to gain access to things that one shouldn't have access to.

Johnny's speech at Defcon did not contain a lot of information that was new or groundbreaking. Johnny went over the basics of "Google hacking", describing in quick detail what many of the additional functions that you could add to queries to tighten the strength of the query (e.g. inurl:, intitle:, site:, link: and so on). Johnny then continued on with many other cool things that you could do with Google (including such topics as using Google to find sites that even Google doesn't know about and ways to read the content of a web page the Google no longer has cached within their own cache feature). He then finished the presentation with a list of web pages screenshots that showcases a selection of the web pages that one could find through Google and plus all the dangerous things that one could do with it. For all those that are interested, Johnny did say during the presentation that the slides will be posted on his web site above. (Edit: You can now download it in the download section of his website).

Johnny Long also gave the same speech at Blackhat. A co-worker of mine went to that presentation and was disappointed with it. They said that the presentation focused too much on the basics of crafting queries in Google and not enough on the "hacking" part of it. Therefore, it was boring for anyone who had any background in the topic. However, Johnny must have changed the format and speed of the presentation at Defcon because his presentation focused almost solely on the technical aspects of the google hacking (as well as giving props to the Sensepost guys for the Google tools that they have written). I was a little disappointed after hearing about the presentation at BlackHat because this presentation was one I really wanted to see, so I was glad that he toned down the explanation and focused more on the technicals.

Out of all the presentations that I happened to see at Defcon, I think Johnny's was one of the best. I think he fully understands the audience at both Defcon and BlackHat (BlackHat being more corporate, Defcon being more blackhat) . Johnny understood that the people who were watching at Defcon were interested in things that hadn't seen before (i.e. shiny object syndrome) that was chock full of juicy technical details. These people want to able to go home and try the same things that you are presenting. Also, they want you to be funny. Johnny's presentation contained both aspects. All in all, it was an excellent presentation and I feel sorry for those who saw it at Blackhat and were disappointed with it there.

Posted by Ryan Poppa on August 1, 2005 8:52 PM |

Search


About

This page contains a single entry from the blog posted on August 1, 2005 8:52 PM.

The previous post in this blog was OSX Security: PPC, FreeBSD, or Market Share?.

The next post in this blog is SCADAGard SIG To Be Established.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]