Lately, I’ve been looking at tons of SQL injections and SWF login blog posts and screen captures. I notice most hackers attempt to redact the compromised URLs. However, in most cases there is enough information from the screen captures to find the sites.
The attempt to redact the information is an attempt to protect the innocent. The latest instance of this was a blog post on a Symantec SQL Injection that yielded tons of information including serials and passwords. The image below is a screen capture posted within the blog post.

Next, I visit Google and type: site:symantec.com intitle:Teacher Sima

This is just basic Google Hacking here, nothing advanced. This is something I’ve been instinctively doing when I see something like this.
So the question is “Why redact?”
_MJC_



1 comment:
Good question.
Effective redaction is still possible but it takes a lot more work than merely blanking out parts of the URL. It can mean looking at the entire screen shot and redacting a lot more.
Even if the screen shot was redacted to blur out the page's title, the Japanese text shown *might* have been sufficient to have a good go at finding the actual site. (I don't know for sure since I cannot read Japanese and didn't have time to play around with katakana and kanji today.)