Antivirus maker McAfee has updated its SiteDigger tool, which uses Google to hunt security holes in Websites automatically, but questions remain as to whether the tool helps surfers and searchers or hackers more.
Released January 10, the updated SiteDigger sends specific queries to the Google database, which return exploitable flaws and sensitive information. It's aimed at helping Webmasters keep up with what's out there regarding their own Websites, McAfee vice president of worldwide professional services Chris Prosise said to reporters, but the product apparently doesn't distinguish between an authorized site administrator or a possible hacker.
"We built this tool really as an awareness tool," Prosise said. "As a victim, you would never really know that someone was using this information." But he also acknowledged SiteDigger could be used against a site, though he added Google requires users of automated services sign up to their Web services development program.
Google hasn't commented on SiteDigger, but Computer Sciences Corp. senior engineer Johnny Long was quoted as saying products like SiteDigger are necessary safety tools for Web administrators, especially since administrators themselves lack the time to hunt the whole of Google and other search engines.
SiteDigger and similar tools use common security signatures to query search engines for problems, but Long added that small, less security-conscious sites could still be at the disadvantage against possible attacks.
