Barbarians at the Goolag gate
Written by Brian Austin
Monday, 25 February 2008
Security research group Cult of the Dead Cow (CDC) first burst onto the scene in 1998 with a groundbreaking tool called Back Orifice. In the ten years since then the group has gone legit, for the most part, but has nonetheless continued to contribute to the collective security knowledge. Now CDC promises to crack convention wide open with another groundbreaking tool, which utilizes Google hacking as a vulnerability scanner.
The critical development that Goolag Scan represents is the shift in mindset that has taken place since '98: the web is now the "platform". Having worked for several ASPs, I can confidently say that Internet security is something that CIOs worry about every day and night. While the release of this tool obviously reduces the barrier to entry for novice hackers and script kiddies, hopefully it's also a wake-up call to smaller enterprise organizations that web security is a necessary and often complicated issue to solve.
Hackers turn Google into vulnerability scanner
The new tool, called Goolag Scan, is equally provocative, making it
easy for unskilled users to track down vulnerabilities and sensitive
information on specific websites or broad web domains.
This capability should serve as a wake-up call for system administrators
to run the tool on their own sites before attackers get around to it,
according to CDC.
"It's no big secret that the Web is the platform, and this platform
pretty much sucks from a security perspective," said CDC spokesperson
Oxblood Ruffin, in a statement. "We've seen some pretty scary holes
through random tests with the scanner in North America, Europe, and the
Middle East. If I were a government, a large corporation, or anyone with
a large website, I'd be downloading this beast and aiming it at my site
yesterday."