Jun 22, 2010

Peek-a-boooooooo – Default web pages, and why you should care to change or eliminate them

Just dropped 200 bucks on your new webcam you can use to check up on your pets from across the world? Does it do everything you hoped it would?

News flash – depending upon how it’s configured, it could be doing even more; that same page you browse to in order to check up on Fido may be indexed by search engines such as Google.

Now, 9 times out of 10, the web server is configured to host the content under a non-intuitive URL; while this may deter somebody who is trying to guess the URL used by the software, that URL is the same on every device running the software, so it also provides those “in the know” with a “one-stop shop” for all of their nefarious needs. As an example, most Panasonic networked cameras have the string “ViewerFrame?Mode=” in the URL, and can easily be located by using the Google search string inurl:"ViewerFrame?Mode=". If you’re following along with the links, I’m guessing (without actually accessing this page, which was likely intended to be private) that the third page in the above Google search (it’s a *.edu) is exactly what a hacker would want to see — and exactly what you don’t want them to see**.

To avoid this, it may be possible (depending upon the software) to at least change the default URL used. If not, consult the support documentation – and if necessary, the vendor – to determine the best course of action by which you can better protect your privacy. Depending upon the software leveraged by the device, you may also be able to create a robots.txt file (a file listing the pages that search engines should not index) for the web server. For more detail, see here.
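An added example (not from the original post or any vendor): a Python check, using the standard library's urllib.robotparser, of which device pages a given robots.txt still leaves open to crawlers. The robots.txt bodies, the /admin/ path and the crawler names are constructed for illustration; the viewer path is the URL string quoted above.

```python
from urllib.robotparser import RobotFileParser

# Constructed robots.txt bodies for a camera's embedded web server.
WEAK_ROBOTS = """\
User-agent: Googlebot
Disallow: /admin/
"""
HARDENED_ROBOTS = """\
User-agent: *
Disallow: /
"""

# Paths to audit: the viewer path uses the URL string quoted in the post;
# "/admin/" and the crawler names below are assumptions for illustration.
DEVICE_PATHS = ["/ViewerFrame?Mode=", "/admin/", "/"]
CRAWLERS = ["Googlebot", "bingbot", "ExampleBot"]


def crawlable_paths(robots_txt, paths=DEVICE_PATHS, agents=CRAWLERS):
    """Return sorted (agent, path) pairs that robots_txt still lets be crawled."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return sorted(
        (agent, path)
        for agent in agents
        for path in paths
        if parser.can_fetch(agent, path)
    )


if __name__ == "__main__":
    for name, body in [("weak", WEAK_ROBOTS), ("hardened", HARDENED_ROBOTS)]:
        exposed = crawlable_paths(body)
        print(f"{name}: {len(exposed)} crawlable agent/path pairs")
        for agent, path in exposed:
            print(f"  {agent} may index {path}")
```

robots.txt is only honoured by cooperating crawlers and does not restrict who can load the page.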

By the way, it’s not just cameras, but printers and telecommunications equipment (read: WOW) as well. A surprisingly vast listing of known devices (and information on their default pages) can be found here.

** The posted information is for educational purposes only; I neither recommend nor condone using the web as a tool for spying on others. Don’t do it.


About Dinesh Mistry

I am a full time Security Professional, Ethical Hacker, and overall technology enthusiast. I also enjoy working on Search Engine Optimization as time permits.

Comments

  1. Jason says:

    Also, note that you can find more sensitive information with even more basic queries. For example, searching for filetype:QDF QDF will yield a slew of interesting details from folks who have allowed Quicken detail to be crawled.
