Searching For Trouble With Google
achilles writes "From a recent eWeek article: 'Whether they realize it or not, many people leave sensitive information out in plain view on Web sites. But sooner or later, a Google search will dig it up.' The article goes on to list some examples such as 'a search for credit card numbers. Try this one, for "Visa 4366000000000000..4366999999999999"' and other 'risky data' from careless users, such as QUICKEN files etc."
is that you can search for ranges of numbers like that in Google. That's pretty neat.
Is Google liable for harvesting and publishing sensitive information? If neighbour's window wasn't closed, it doesn't mean you can take his naked photo and put it on the website?
Also, maybe those numbers are traps to catch people? Surely you need those goods to be sent to an address and someone has to eventually pick it up.
Uselessful technology (Air-Charged
Very popular is the search for "Welcome to phpMyAdmin".
This will give you some nice databases to browse through.
I had trouble believing this, so I downloaded one of the .QDF files from the referenced link. I am feeling completely sick. This guy's checking account number, credit card number, and meticulously-maintained transaction history are sitting on my computer.
It's way too late to warn these people about the files. Their current identity is toast. So is their credit for the next seven or so years.
Is there anything we can advise these people to do to minimize the damage at this point?
Yea except these are the idiots that will also sue Google and try to take them down because of their own mistakes. If you're in some sort of struggle with an idiot, you'll be ok, but may God help you if that idiot has a halfway decent lawyer.
I am feeling fat and sassy
Not to troll, but "real security and ease of use"? That's a contradiction in terms. Any system that's easy to use is almost certainly easy to crack (hint, the crackers have as easy a time as the user). Any secure system usually requires long passwords, encryption keys or something equally challenging. If your users keep their passwords the same for all systems, or have accessible copies to remind them, then the system isn't secure (remember last week when Gabe Newell's forum accounts got hacked because he used the same friggin password and it was easy to guess?) /. crowd, consider adequate and easy to use is silly. What we need is internet education (the do's and do not's for the clueless).
If you mean security through obscurity then you're describing the current situation on the net, but the article states that Google is removing the obscurity aspect by making the entire net accessible. We no longer have any kind of assurance that a given nook or cranny is too obscure to bother with.
I agree that people shouldn't leave their personal data lying around, but to simply assume that the general public can adopt security measures that we, the
Erotic is when you use a feather. Exotic is when you use the whole chicken.
I'll second that. A little over a month ago, a letter was sent to me but went missing in the post. That letter contained my full name, address and National Insurance number (similar to a US Social Security number).
That lost letter contains more information than I'd give out to anyone who's not an authorised government official (policeman, doctor, etc). Through no fault of my own, and despite my vigilance (I shred and burn every bit of correspondence that has my name and address on it, let alone financial or other personal details) that information is now potentially in the hands of someone unscrupulous.
If anything untoward were to happen, I have virtually no recourse, as it would be nigh on impossible to actually prove where my details were obtained and (as far as I know) it's impossible to get a new NI number: I'm stuck with the one that's issued to me at 16 until the day I die.
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
On a lark, I've tried searching P2P (in this case, Kazaa), for things that people have inadvertently made available. The things I found were jaw-dropping. Beyond the expected credit card and finance information, I found patent applications, doctoral dissertations, corporate documents, etc.
I'm pretty laissez faire on this one. If you leave your keys in the car and car running, the insurance company won't cover its theft (or at least, so goes the lore). Same principle applies here, I think.
-db
"Parent directory". That Google search is the most fun you can have with your clothes on.
I just called all the people on one of the lists linked here and either left a msg or explained the situation. Took about 30 minutes. The clearest way I found of convincing them was to tell them how to do the Google search themselves. For most of them, their name in quotes and the word "MasterCard" or whatever brought up 1 page, the page with their info on it. I got many answering machines and disconnected numbers, but a few thanks as well.
For Visa, I did this one and got 2450 pages of listings of credit card numbers. Doing the same for Master Card returns only another 481 pages - not just card numbers, but web pages containing numbers - and some are test pages to demonstrate how LUHN codes work, but I don't think they all are. Oh, let's not leave home without American Express, where we can find a whopping 7,780 pages of listings!
I don't think they are all tests. Some include the number, expiration date, plus the name, address and telephone number of some people who apparently placed orders on-line. A great way to commit fraud or implement identity theft, wouldn't you say?
My guess is that if you called some of these people you would find out that yes, that is their credit card number and they had no idea it had been exposed.
Oh, I forgot to troll for Social Security Numbers. Now that returns 7 million pages, most being things like zip codes and such, but it wouldn't be hard to do that by redoing the search on an automated basis by inserting the '-' where appropriate and generating several thousand searches. At random I picked a range and tried all Social Security 301-01 numbers, and got 115 pages. Not only that, but the text ad from Google was for a company that offered on-line searches of social security information! Very helpful too!
Paul Robinson
The lessons of history teach us - if they teach us anything - that nobody learns the lessons that history teaches us.
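The comment above notes that some of the indexed pages are Luhn test pages while others look like real order records. As an added example (not part of the original thread), here is a check a site owner could run over their own published text before a crawler indexes it: it finds card-like digit runs, keeps only those that match a brand prefix and pass the Luhn check, and masks them in the report. The names `scan_text`, `luhn_valid` and `SAMPLE_PAGE` are hypothetical, the brand prefix rules are simplified assumptions, and the sample uses widely published test numbers.

```python
import re

# Assumed, simplified brand rules for the three card types named in the
# thread: Visa 4 + 16 digits, MasterCard 51-55 + 16 digits, Amex 34/37 + 15.
BRANDS = [
    ("Visa", re.compile(r"4\d{15}")),
    ("MasterCard", re.compile(r"5[1-5]\d{14}")),
    ("American Express", re.compile(r"3[47]\d{13}")),
]
# Runs of 13-19 digits, optionally grouped with single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn check: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def scan_text(text: str):
    """Return (line_no, brand, masked_number) for Luhn-valid card-like strings."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", match.group())
            brand = next((n for n, p in BRANDS if p.fullmatch(digits)), None)
            if brand and luhn_valid(digits):
                # Mask so the report does not re-expose the number.
                masked = "*" * (len(digits) - 4) + digits[-4:]
                findings.append((line_no, brand, masked))
    return findings


# Constructed sample page using published test numbers, not real accounts.
SAMPLE_PAGE = """Order 1001: card 4111 1111 1111 1111 exp 01/30
Order 1002: card 5555-5555-5555-4444
Order 1003: card 378282246310005
Tracking id 4366000000000001 (fails the Luhn check)
ZIP+4 30101-0001, phone 555 0100
"""

if __name__ == "__main__":
    for finding in scan_text(SAMPLE_PAGE):
        print(finding)
```

The Luhn filter is what separates likely card numbers from tracking ids and other long digit strings; a hit still needs a human to confirm whether it is a test value or a real record.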