Searching for Trouble

Carl Weinschenk

There is no more common task performed by people using the Internet -- at home or at the office -- than search. This Help Net Security story suggests that this may be a problem. For instance, 80 percent of users find sites through search even if they already know the URL. The bad news is that these folks are Googling (or Yahooing, MSNing or WebCrawling) into danger: SafeScan says one in five search results contains malware or content that is offensive or illegal.


The story goes into some detail about one method that crackers use. "Spamdexing" is the attachment of hidden text and links to compromised sites. The additions work like search engine optimization tools and raise the ranking of the site. Unfortunately, this perpetuates the distribution of the undesirable content because more people visit. This is one way that hackers are attempting to "recruit" computers into the huge Storm botnet.


The news isn't all bad for search. Indeed, search can be a tool for heightening security and can contribute in other ways to an organization's efficient operation. eWEEK reports that startup Paglo enables enterprises to search through their increasingly complex IT assets. The platform, set to launch today, sends a spider through the system to find and catalog the organization's computer, network and security systems, according to eWEEK. The resulting information -- which can indicate, for instance, if the system's patches are up to date -- is displayed on a customizable dashboard. Splunk has been offering similar services for a few years, the story says.


Enterprise search of the more generic variety -- looking for corporate information for folks to use in doing their jobs -- is a big business. Earlier this month, Microsoft announced free and paid-for versions of its search technology, called Search Server 2008 and Search Server 2008 Express, respectively. InformationWeek says the free version is available now as a "release candidate" and the version for which Microsoft will charge will be released during the first half of next year. A SharePoint product manager in the UK said that the tools can search files, document management repositories and intranets on the customer network and handle "designated authorities." Wikipedia and Google are examples of this.


The story says the product offers "security trimming," the removal of a listing from the search results if the person is not authorized to receive the data. Thus, the piece says, a person not authorized to get a document entitled "Job Cuts in November" would not see it in the search results.


Of course, people use search engines freely at work. For that reason, this report on search engine safety should be a must-read for IT managers. Using McAfee SiteAdvisor's automated tool, The Security Central Forum concluded that AOL returns the safest results and Yahoo the riskiest. The report notes that search engine results are getting safer due to a concerted effort by Google, AOL and Ask to identify dangerous sites. The piece says 4 percent of all results link to risky sites, compared to 5 percent in the previous study (which was conducted in May 2006). The top five engines -- representing 93 percent of all search engine use -- all returned some dangerous links. The report offers a lot of good information which, taken together, paints a picture of an improving but still dangerous terrain.


Others are recognizing the dangers as well. This Washington Technology story reports on a study by the Civitas Group on search. The report looked at Google Desktop Search and Search Across Computers. The Google apps were found to be powerful, but they also pose the risk of unauthorized release of information. The bottom line is that the technology enables searches that, if not carefully monitored, could lead to such a release.


Search is a very broad area. There are internal and external dangers. Wise IT managers will take all of these issues seriously and, perhaps with the help of the human resources and legal departments, map out a concise set of procedures and policies.
