McAfee's Free SiteDigger 2.0 Spots Enterprise Exposures

SiteDigger 2.0, said Mark Curphy, consulting director for Foundstone professional services at McAfee, sniffs out eight times more potential damaging information than the original edition, which debuted in August 2004.

The tool uses information collected by Google to quickly pinpoint possibly unwanted information -- from passwords and personal data to financial records and confidential documents -- that are on a company's site and needlessly accessible to the general public.

Google has been used by several hacker exploits to identify vulnerable systems, said Curphy, and its powerful search engine and large-scale index of the Web can be turned on enterprises for other illegal purposes, he noted.

The for-free tool, which uses Google's Web services API to do the search queries, now also boasts automatic updating, so that as new search ploys are discovered, McAfee can push them to users. "We just recently discovered a new way Google can be used to discover security cameras," said Curphy in citing an example.

SiteDigger 2.0 can be downloaded from the Foundation Web site.