Slashdot Mirror
Searching For Trouble With Google
achilles writes "From a recent eWeek article: 'Whether they realize it or not, many people leave sensitive information out in plain view on Web sites. But sooner or later, a Google search will dig it up.' The article goes on to list some examples such as 'a search for credit card numbers. Try this one, for "Visa 4366000000000000..4366999999999999' and other 'risky data' from careless users, such as QUICKEN files etc."
...it's called natural selection. Survival of the fittest... if people are that dumb to put stuff on the internet, so be it.
FLR
This was on bugtraq a week or two ago:
Check it out and there was a discussion of it a few days later.
Someone actually has a whole forum dedicated to finding things you can do with google here.
Apparently this was even a DEFCON speech subject.
This is no longer the case. The Google toolbar reports home to Google about sites people visit. Within a couple of minutes of someone viewing a URL that was private and only meant for them with a browser with the google toolbar installed the googlebot will come along to the site and grab the file for indexing. Nasty if you're not expecting it.
-- Sorry, I can't think of anything funny to say here.
I feel sorry for 'Haley' and others with their Quicken files being shown to all of /. and presumably friends etc. I wonder what the 'reach' of the slashdot crowd is when it's a "You're not going to believe this!" story...
Simon
Physicists get Hadrons!
Looks more like Google found forums where people were swapping credit card numbers.
Good thing I've got a Mastercard then :)
This is the sig that says NI (again)
is that you can search for ranges of numbers like that in google. That's pretty neat.
I think there was a similar /. article a while back. Do a google search for "googledorks" to find out what additional kinds of data are accessible.
Is Google liable for harvesting and publishing sensitive information? If neighbour's window wasn't closed, it doens't mean you can take his naked photo and put it on the website?
Also, maybe those numbers are traps to catch people? Surely you need those goods to be sent to an address and someone has to eventually pick it up.
Uselessful technology (Air-Charged
Very popular is the search for "Welcome to phpMyAdmin".
This will give you some nice databases to browse through.
How many people dug out their own visa cards and googled for the number ? :-) I managed to stop
myself.
All interpreted languages are abstractions over Lisp
Having google blocked (presumably from google's end) from this is just security through obscurity. Well it's not even that really, it means there is (1) stuff available in plain text which is a part of a website's (2) public access AND (3) for one reason or another has searching enabled. The problem is part 1 and/or 2, the symptom is 3. Cure the problem, not the symptom.
Was kinda scary the first time I trired it.
Not getting just credit cards, but other nice little things.. New Order
Just tried google for a SSN search as well. Same thing, you get a list of results within that social security number range, along with names, and addresses.
I just can't figure out why people would be victim to identity theft.
...as a result of blogs. The stuff I've posted in my various blogs would pound me to a paste in any sort of political election.
For now, it'll only be the foolish adult politicians who say things in their blogs that will come back to haunt them in their careers. Combine kids and blogs, and you'll have a public record of your childhood behavior.
tasks(723) drafts(105) languages(484) examples(29106)
Obfusacation may have allowed people to be sloppy with their data exposure until now. But that is no excuse for people being lax with their own data security.
The Internet is built by it's users. The responsibility for protecting data lies squarely with the users at the edges.
Just ordered a computer that can actually play Doom 3!
Thanks Slashdot!
Comment removed based on user account deletion
Check out the cached version of the third link and look in the text box. Hopefully it's not any of you... google link
I had trouble believing this, so I downloaded one of the .QDF files from the referenced link. I am feeling completely sick. This guy's checking account number, credit card number, and meticulously-maintained transaction history are sitting on my computer.
It's way too late to warn these people about the files. Their current identity is toast. So is their credit for the next seven or so years.
Is there anything we can advise these people to do to minimize the damage at this point?
Hoping to find thousands of results i did this ;)
fifteen jugglers, five believers
Don't publish this on ... hey!
Who needs P2P?
Now I can afford that new notebook after all!
sigaar
I believe it was covered on Slashdot before...
However search Google for cool stuff like:
"Index Of" "My Documents" "Last Modified"
You can see plenty of people's documents, about 1300 or so results.
Linux is less fun:
"Index of" "/etc" "Last Modified"
What can you do with this though?
Get your Unix fortune now!
Comment removed based on user account deletion
Comment removed based on user account deletion
of the VISA/Google search is that VISA is a sponsored link. Kind of like Microsoft advertising on a website that bashes it for its security holes...wait a minute...
Only some of us are fortunate enough to learn from other people's mistakes. The rest of us has to be the other people....
sigaar
convert 29 fahrenheit to celsius
or
pi=
or
define: hubris
google's got neat tricks
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
I sought for my credit card number on Google.. Is Google indexing our search key words?? Doh!! Now everybody can find my creditcard!
From the google search linked, there's a reason that those forums are crawling. Actually, mine is still trying to connect to the server.
/. geeks gotta get their pr0n, after all.
Lot of
The sad thing is that now people will be Googling for their credit card numbers to be sure they're 'safe', but doing so means their credit card number will show up in the list of things people are Googling.
"Index of" mp3
gives you access to rather a lot of files. You can also replace mp3 with various other suffixes for added fun.
Don't forget that removing the filetype and including "site:yourdomain.com" will allow you to quickly check if any of your folders are visible to the world that shouldn't be.
Avantslash - View Slashdot cleanly on your mobile phone.
A lot of people can't/won't learn. I cross paths with people who don't want to know a damn thing about computers, they just want you use them.
I think the future model that works is that people will have to get 'experts' to do the tough stuff. Security, performance, reliability, etc. Everything the saleweasel said was automatic.
eric
Another good one is searching for copywrite phrases found on front pages of eBooks such as O'Reilly CD Bookshelves. People seem to put up their eBooks for their own convenience. OTOH publishers seem to be doing a bit of Googling of their own, as they tend to be taken down pretty soon. Nothing that a quick WGET won't handle...
I'm sorry if I haven't offended anyone
Guess what - someone who isn't a /. reader is:
Probably the ones most vulnerable to Google mining (for lack of a better term)
The ones least likely to know what a robots.txt is, what it does, and how to utilize it to prevent stuff like this.
You better watch out, there may be dogs about . .
Norton DumbWall 2004
Featuring:
Order now and get a free drool-bib.
"Proudly Posting Without Reading The Article"
Thats my credit card number!
"index of /admin" site:.gov
Pwned!
http://www.google.ca/search?hl=en&ie=UTF-8&q=Welco me+to+phpmyadmin&spell=1
This could be good in finding websites that illegally publish this content.
With this search in google:
Mastercard 5000000000000000..5999999999999999
I found this russian site that published American credit card information with expiration dates, names and addresses:
http://kupi-cc.0golf.com/halyva.htm
Scary stuff. I would prefer google to find this information so that I can type in a simple query and see where my information is being wrongly published then not knowing at all.
I'm surprised at how easily you guys assume other net users are simply so dumb? Let's be a bit more humble and take any news/comment with a grain of salt. If you try the search suggested, you'll see some sites were russian forums exchanging credit card numbers they illegally obtained.
Besides, who would ever take the time to post one's own credit card numbers on the net? It's dumb to assume someone did that by themselves, frankly. I can only imagine someone might got card lost and the number got into those illegal forums, or someone put the number in an email to CS representative and the email got put into FAQ, or scenarios like that.
On a lark, I've tried searching P2P (in this case, Kazaa), for things that people have inadvertently made available. The things I found were jaw-dropping. Beyond the expected credit card and finance information, I found patent applications, doctoral dissertations, corporate documents, etc.
I'm pretty laissez faire on this one. If you leave your keys in the car and car running, the insurance company won't cover its theft (or at least, so goes the lore). Same principle applies here, I think.
-db
This person uses a lot of (paraphrase) "I haven't seen it myself, but I am sure real numbers are there."
Unless this person can site a real case then all he did was show us test files (as he claims he has seen)
I mod down so you can mod up. Your welcome.
NOT WORK SAFE!
NOT WORK SAFE!
NOT WORK SAFE!
Gah! And I here I thought I wouldn't be so stupid as to not realize what kind of link that would be.
(pounds head on desk repeatedly)
(no one notices since it's part of my job requirement)
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
But if you read everything like you're supposed to when installing something, you won't need to be surprised by it.
This doesn't have to be a bad thing. Imagine the positive applications of this knowledge in the area of web forms. Most membership/shopping cart sites have a link that you can click to retreive your password in the event that you forget it. Soon, shopping carts will have a link that you can click if you forget your card number and it'll look like this:
Forgot your credit card number? Click Here
At this point if I were someone looking for a free credit card, I'd probably go at least a few down in the results, I'd like to think that the top 20 or so are plants by law enforcement by now...at least I'd hope...
...in bed
I hope everyone knows that google (and other spiders) can be blocked rather easily.
t orial.htm
See the URL below for a robots.txt tutorial:
http://www.searchengineworld.com/robots/robots_tu
It is still possible to share files on a web server without search engine exposure.
Looking for
Welcome to phpMyAdmin x.x.x
MySQL x.x.x-log running on localhost as root@localhost
or parts of it can also be fun.
I'm not sure about legal stuff, but if you were not supposed to have access, there would be a password, I'd think...
Privacy is terrorism.
I have recently found google to be great for finding .torrents
.mp3, .pdf --- just about anything you can think of in fact..
eg
red-hat torrents
or
fonts
other filetype's that work
Electronic Music Made Using Linux http://soundcloud.com/polyp
DoH! didn't think about that ....
ehhehehe
actually, I didn't input the entire number, I omitted the last four.
If you look like your passport photo, you're too ill to travel. - Will Kommen
This one was just crazy!
Beware: In C++, your friends can see your privates!
Any website that accepts credit card payments worth using will require an AVS number and address.
As for coding these numbers on to other cards and using them in bricks and mortar shops, you would hope that the shops check that the embossed number matches. If they have checked all this, under UK law anyway, the CC company is liable.
With chip and pin cards being introduced across Europe CC numbers are becoming more and more useless to criminals now.
----
Hasn't anyone heard of using a robots.txt to block web spiders? If people are stupid enough not to, then their hidden data is just asking to be found by anyone. Thats my 2 cents.
Try this one, for "Visa 4366000000000000..4366999999999999'
What a great idea, now I can read the cached version of the article while the original gets Slashdotted :)
that's pretty funny, i never knew that, thanks ;-)
;-P
i see they got Douglas Adams fans at google!
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Not only blogs. I'm sometimes surprised for what is still available on Usenet archives... I found some post of me back to 1996, by searching with google on groups.
...into complete financial oblivion, any 2nd or 3rd party who is careless with our sensitive data.
I guess I don't have any mod points...
This has been talked about on blogs, on the Security Focus mailing lists and at several conferences, at length, for months now.
In fact the searches don't really even work anymore because the results all return articles, stories etc. about how easy it is to find this stuff.
The Anti-Blog
This has been fairly known and Johnny had great presentations in the last Blackhat and DefCon that really shook you up if you were not aware of the "Power of G"...
Very cool, a lot of very stupid people (from the myPHPAdmin, to the WebDAV-Frontpage passwords, all the way to nessus and ISS scan results...).
get a free ipod! This really works. (Free gmail invite to the ones using this referal and completing the offer!)
Although there may certainly be some egregious privacy issues found by Google search, he provides little solid evidence.
It seems he was far more concerned with making his 5 cents per word than providing a compelling case.
-- Scientist: You aren't going to leave me here, are you? Boagh! Thump...
Yes and they also mentioned that this wasn't as big a deal as people think.
For one the the valid credit cards numbers will be rapidly be made useless as 3rd parties use them and they are cancelled. The bottom line is very few customers will be liable for any of these fraudulent transactions.
The majority of the credit card numbers are on semi underground script kiddy sites. Where they are posted to gain cred or access to pr0n. I'd like to bet that most of these are invalid or the product of a credit card number generator.
Lastly this article implies (and a number of posters here) that the credit card numbersfound are the result of carelessness by credit card holders on the web and therfor it is their own fault. This is not the case. Google did not expose any mass stupidity by internet users, it simply exposed some of the sites that havest credit card numbers.
Unfortunately there isn't a good way to search for URL strings like this:
2 6b 40f-c8a84ba388
... EVERYONE will have Gmail!
http://gmail.google.com/gmail/a-e00073f786-289e
But once someone figures out a way
--
Until then, five of you can hit me up at kevinomara at gmail.
yesterday i walked by an atm machine just seconds after a guy left it - his card was still in the machine and it was at the screen where you can either quit (and get your card back) or carry on another transaction. as i have a guilt complex the state of utah, i got his card out and chased him down the sidewalk.
point being: debit/credit cards are insecure in the real world, too!
Seems that everything, except the personal information posted by a third party, can be summed up by a simple common acronym: RTFM. Ignorance of the law isnt a defense -- neither should be not reading the manual.
Sometimes I wish computers were less friendly.
It would be nice to think that the smart guys at Visa/MC/Amex/et al have bots crawling search engines for CC numbers and that they immediately cancel any compromised cards.
I happened to run across a guy discussing his career moves and some other somewhat sensitive items. I had put in a couple of company names in Google and up popped his blog.
One should try and be a bit more anonymous or general when blogging.
"Parent directory". That Google search is the most fun you can have with your clothes on.
There are banks offering special 'web credit card' services. They issue credit card numbers that are valid only for a single transaction. After the transaction has taken place, the number expires. Even if a site would have serious security issues, allowing someone to see all the credit card numbers they ever received from people, these single-transaction numbers would be worthless to anyone finding them. Of course ultimately a website shouldn't ever receive credit card numbers, but instead relay credit card payment to a bank and then communicate with that bank to see if all went well, but that is another issue.
Visit http://ringbreak.dnd.utwente.nl/~mrjb/growingbettersoftware to download your free copy of the book
The problem is also people who share their entire hard drive contents... email inbox files anyone?
When I used to use Kazaa, I deliberately left two text files in my share directory called 'mastercard details.txt' and 'visa card details.txt', with some colourful language contained within (so they weren't zero byte size)... not surprisingly I got quite a few downloads too! plus I got the satisfaction of them reading my little message (maybe I should have given them some goatse ascii art!).
Are you local? There's nothing for you here!
First googleon the link in the article points to a news article on eWeek. The date on the eWeek article ? August 30, 2004
Um... news?
http://efil.blogspot.com/
Actually, at least here in Canada, the insurance companies have to cover you even if the keys are in the ignition--theft is theft. I know this because my father just went through getting his truck stolen after leaving the keys in the ignition.
:)
The insurance companies will try to bully you into thinking that they don't have to cover you, but they do. However if they can convince you that they don't have to and you just go away then they don't have to pay you. This is the usual course of action.
Luckily my father has a good insurance broker who knows the law and wouldn't let his client be bullied. Its astounding what insurance companies can get away with.
This of course after them pleading poor to the Canadian government only to report record profits a couple of months later. What's $2.6Billion among friends? Now that is in Canadian funds but it still works out to about $100US or so
I'd like to see more of that kind of thing, preferrably all of the following as options:
"Good everywhere all the time, with no control at all" just seems like a bad idea. But since banks either shit on the consumer or the merchant when it comes to fraud, they have little incentive to secure the system. When they pass the new bankruptcy bill in congress, even shoddy lending practices will be given a pass as well.
A while ago SOME GUY ON IRC personal Cabletron switch puked out, so SOME GUY ON IRC needed a new firmware image. Low and behold, SOME GUY found an account via google. Some school posted theirs online. (Cabletron makes overpriced gear sold to gov't mainly, you can generally get enterprise level huge switches on ebay for $5, since it doesn't carry the Cisco name.). Oh that was a lucky find, since hardly anyone uses Cabletron (now Enterasys) equipment, it is hard to find unlike Cisco CCO accounts.
Google rocks! Don't forget to google for your FLEXLM license files for your Solaris and similar systems, or your crusty Digital licenses for VMS, OSF/1, etc.
Southeastern Virginia REPRESENT!
A security focus article with many other ideas and a complete web site about google hacking. Happy searching :)
Search for "C:\Documents and Settings" on Google's Uncle Sam sub-search, here.
This is sort of like what eBay did through paypal. Well, at least until they _bought_ them. I guess that sort of relationship worked out (other people still use paypal as an external transaction processor).
But whoever steps up to the plate is going to have to offer a more compelling offering then whatever current credit authorization services can provide.
It's got to provide realtime feedback as to account status and such (for the vendor), or something.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Soon enough all valid Visa numbers will be slashdotted by orders at ThinkGeek.
/^([Ss]ame [Bb]at (time, |channel.)){2}$/
"real security and ease of use"? That's a contradiction in terms. Any system thats easy to use is almost certainly easy to crack (hint, the crackers have as easy a time as the user).
I completely disagree. While the implementation of a secure system maybe incredibly complex, it does not necessarily follow that the system will be difficult to use.
The secure shell protocol maybe complex, and require a good understanding of communications and encryption algorithms to develop, but I have no problem using putty! -- Grouper --
I'm always finding files on p2p networks that people either didn't know were available to the public, or had no idea what was in them.
.sql, also simple things like "phone" "password" "address work too.
next time your on a p2p search for access files, excel, QuickBooks,
Same thing really as with google where people had no idea what they were doing, and gave access to sensitive information to the public unknowingly.
TruePunk | Games
suppose I wanted to check to see if my vital info was release by some careless or malicious person(s). I might consider going to google and doing a search. BUT, I'd have to use that private data for the search. Once that is done the data is has been released, and possibly stored in some, in-the-clear, query history,
So how might I be proactive and research the issue, without revealing the info?
True friends are hard to come by... I need more money. - Calvin
...is the price of a cheese pizza and a large soda at Pinnuci's!
Facts do not cease to exist because they are ignored. - Aldous Huxley
(for those of you who don't know, the Razor states "Never attribute to malice that which can adequately be explained by stupidity.")
Facts do not cease to exist because they are ignored. - Aldous Huxley
Well, read the end of my post. I was refering to average or below average computer users, not geeks or the computer literate. Undoubtably most of the Googlable* private info came from the Joe public crowd, and these people have a hard time with data security. My disagreement with the gandparent was over the implementation of widespread or universal security (of course I may have misunderstood his point, but mine still stands).
*I have no idea whether "Googlable" is a word, and my spelling is bad enought with normal english, but I think I spelled that right
Erotic is when you use a feather. Exotic is when you use the whole chicken.
I don't read Russian so I don't know what the context is, but the Mazafaka site that comes up in the Google results seems to have info on real people in it. At least I am able to find them through Yahoo people search and get the same addresses. Perhaps the credit card numbers are real as well?
Lasers Controlled Games!
That search yields ust 6 hits, one of which is an eWeek article on the same topic - "do a search for #### visa on Google."
Navel-gazing, anyone?
Or maybe it was a slow news day, so they created their own story...
Try doing a search for password type:*.txt. The results are a bit more interesting.
I just called all the people on one of the lists linked here and either left a msg or explained the situation. Took about 30 minutes. The clearest way I found of convincing them was to tell them how to do the Google search themselves. For most of them, their name in quotes and the word "MasterCard" or whatever brought up 1 page, the page with their info on it. I got many answering machines and disconnected numbers, but a few thanks as well.
Anyone know what that 481 on the signature strip is for?
It actually depends on what the name is on the front of the card. It has different meanings for different names.
Yours would be.... ?
--LordPixie
I once found some very interesting stuff using Google. Basically, it was all to do with the fact that customers of an online service (which my place of work used to use) were trying to use client-side scripting to do something that should have been done by server-side scripting; so their web sites were full of JavaScript (which some people still think is secure). The sites also necessarily linked to the central server, and were giving away information in cleartext that really was not meant for public consumption. Because there were these links to the central server script -- complete with the variable names and values in the query string -- on several pages on the clients' sites, Googlebot found them and indexed them. (THE PROPER WAY would have been to bury the variables which dealt with authentication in a local CGI script, which would then call the central CGI script. Authenticating to the local script is left as an exercise for the reader. At any rate, damage is inherently limited because the attacker does not gain the actual authentication tokens; only the chance to do whatever limited acts the site's programmer has chosen to allow.)
I am not saying any more. My boss told them what they had done, they know who we are and there could be repercussions. But anyway, I'll google for the same information again in a few months' time and see if it's there. If so, I might do a write-up. In my book, if you leave your valuables lying around where you know there are thieves, you deserve to be taught a lesson -- and you should be glad with knowing that your valuables are being taken care of by someone like me, rather than broken by some of the thugs out there.
"outlook.pst" filetype:pst
Discover card has a solution to this problem. Their software sits on your desktop with your credit card information. When you want to pay anything online it creates a one time credit card number which can be used to pay to the merchant. Seems like a good solution. I think everyone should implement a solution like this.. here is the link by the way
r ofile/pp/SafeOnline
https://www.novusnet.com/cardmembersvcs/personalp
When you search Google for your own CC#, you associate it with your IP#, and therefore other traffic, that can be read by sniffers on the Internet. Even if Google didn't have your CC# in their index, you've now advertised enough info for a bad guy to clone your identity and rip you off.
--
make install -not war
I just called all the people on the list linked here and either left a msg or explained the situation. Took about 30 minutes. The clearest way I found of convincing them was to tell them how to do the Google search themselves. For most of them, their name in quotes and the word "MasterCard" or whatever brought up 1 page, the page with their info on it. I got many answering machines and disconnected numbers, but a few thanks as well.
MBNA has ShopSafe
Citibank has Virtual Account Numbers
Discover has Discover Deskshop
even American Express...
This is *nothing* new
I filed a case with the FTC's fraud clearinghouse, filed a complaint with the FBI's fraud group, and called the guy who hosts it. At first he was like "yeah yeah.. send a msg to ...", then I told him there was a case filed with the FBI's consumer fraud group. The page was gone in seconds and is now 404. The page is still in google's cache, and i've put that search query in my fbi submission. LOL! Interesting morning.
For Visa, I did this one and got 2450 pages of listings of credit card numbers. Doing the same for Master Card returns only another 481 pages - not just card numbers, but web pages containing numbers - and some are test pages to demonstrate how LUHN codes work, but I don't think they all are. Oh, let's not leave home without American Express, where we can find a whopping 7,780 pages of listings!
I don't think they are all tests. Some include the number, expiration date, plus the name, address and telephone number of some people who apparently placed orders on-line. A great way to commit fraud or implement identity theft, wouldn't you say?
My guess is that if you called some of these people you would find out that yes, that is their credit card number and they had no idea it had been exposed.
Oh, I forgot to troll for Social Security Numbers. Now that returns 7 million pages, most being things like zip codes and such, but it wouldn't be hard to do that by redoing the search on an automated basis by inserting the '-' where appropriate and generating several thousand searches. At random I picked a range and tried all Social Security 301-01 numbers, and got 115 pages. Not only that, but the text ad from Google was for a company that offered on-line searches of social security information! Very helpful too!
Paul Robinson
The lessons of history teach us - if they teach us anything - that nobody learns the lessons that history teaches us.
http://help.yahoo.com/help/us/ysearch/tips/tips-01 .html
* Airport Information
* Airline Registration Information
* Area Codes
* Calculator
* Dictionary Definitions
* Encyclopedia Lookup
* Exchange Rates
* Flight Tracker
* Gas Prices
* Hotel Finder
* ISBN Numbers
* Local Search[new]
* Maps
* Movie Showtimes
* News
* Packages
* Patents
* Sports Scores
* Stock Quotes
* Synonym Finder
* Time Zones
* Traffic
* UPC Codes
* VIN Number
* Weights, Measures and Temperatures
* Weather
* Zip Codes
SIGUSR1
In fact, there wasn't isolation in the original example that inspired Darwin to pen 'The Origin of Species'. All of the finches on the Galapagos were assumed to come from the same original species, possibly as little as a few pair.
Have you been touched by his noodly appendage?
If you find something of yours that shouldn't be online, and you have access to the server, the best thing to do is put up an empty document with the same name.
Contacting google to remove their 'hit' on it could take a while, and remember--there *are* other search engines out there. If the doc just disappears, it'll stay in Google's cache (and who knows who else's) for who knows how long.
However, if a doc with the same name and same location still exists but has little, no, or bogus data, the engines will suck up this new worthless copy the next time they come 'round and the good copy in their cache will be overwritten with the new worthless copy.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
shamelessly ripped from PayPal's website:
What is a Card Verification Number?
The Card Verification Number is a security feature placed on credit cards and debit cards to ensure that the person entering the card number online or over the phone has possession of the card.
Facts do not cease to exist because they are ignored. - Aldous Huxley
i got the same answer here
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
That shows up bad on your credit report.
Hollow words will burn and hollow men will burn.
Some of these may very well be debit cards. So I'm quite sure there are at least a few cardholders at risk here.
If other reasons we do lack, we swear no one will die when we attack
See: Check Clearing for the 21st Century Act
Information Week raised some of the issues: Quality vs. Deception in Managing IRDs
I can be found @ 127.0.0.0
I left out that you won't be able to use the original check for proving forgery or alteration, since it may (read probably) will no longer exist!
I can be found @ 127.0.0.0
The merchant takes the risk when someone uses your card. When Joe Sixpack gives his card info out to a phisher, and said phisher orders from a merchant, guess who's left holding the bags? The merchant.
Signed,
An Internet Merchant
Really, I'm not trying to be clever with my signature.
http://seewhatyoushare.com/, as covered in Slashdot before has a pretty good round up of sensitive and sometimes CLASSIFIED documents found on P2P networks.
Interesting non?
...unfortunately no one can be told what The Mat^H^H^HGoatse is...they must experience it for themselves...
After someone dies, their SSN is listed in the SSDI - Social Security Death Index. I googled SSNs, and I pretty much all that came up were genealogy entries; relatives enter the SSN just for idendification purposes. So that's fine.
Handy to see if your card number is out there, search for a range in which your number is and your last name.
One thing I don't think I've seen mentioned yet though, is that everyone is assuming that people choose to post the data in question. While this is probably true to a large part, it is by no means always the case. Some of the data may have been stolen due in no part to the victims (hacked website, disgruntled employee at a bank, etc) was then posted.
Vote Quimby.
try typing
intitle:index.of mp3 coldplay
things like cv.doc also give realy emberrasing results as still 4,770,000 sites still give nice browsable results.....
See http://johnny.ihackstuff.com/ for details
Message from god, Please logoff, rebooting the Universe
...I'll just wait for the astute "summary" from Roland Piquepaille (aka, F-ckyface). What a tool.
'nuff said.
It is a completely voluntary program on the banks part:
The law does not require banks to accept checks in electronic form nor does it require banks to use the new authority granted by the act to create substitute checks.
I may be mistaken, but I could swear that possession of stolen credit card numbers is a crime. I "know" I've seen news stories about ID theft rings getting busted for the _possession_ of stolen credit cards and related info.
Now I do one of these Google searches, go to a page that has these numbers, names, addresses, etc. It's now in my browser cache of my laptop.
Some law enforcement person currently engaged in generating revenue for the city/state pulls me over for doing 45 in a 35 zone. As legally my car can be searched, they find my laptop and make me start it up. This guy decides to see what I've been looking at because of "kiddie porn" and stuff he's seen and he figures a +10 ticket is not enough to justify getting out of his cruiser on a 110 degree day in Arizona.
He discovers in my cache these "Stolen credit cards"
What happens then?
This may be tinfoil hat stuff, but maybe not. Kafka wasn't completely crazy.
What I don't know I just fake...
Considering the examples the writer used, such as Visa numbers and Quicken files. Did you notice there were only about 22 results a piece? Now take that number from the total amount of web pages crawled (4,285,199,774), and you'll have a nice percentage that tells you exactly how many people include insecure web page content. ...not many
Yes, cleary a google search is offtopic in a thread about google searches. Dumb ass.
The point is moot anyway-I did some further digging through the Federal Reserve site & found out (buried in their regulations for implementing the law) that it can't be used with ACH, as it requires an original check to create a substitute one.
The Federal Reserve Board took comments from concerned parties in formulating the regulations (many of which were the same as my concerns about fraud and forgery) and specifically added regulations to address them. I don't know if they covered every possible huckster's scheme, but enough of them to (pardon the mixed metaphor) take enough wind out of my sail to get me off this hobby horse...
If anyone else out there has any curiousity: Check 21 Regulations & Comments as PDF
I can be found @ 127.0.0.0
I worry, now that it's on Slashdot, a certain Visa search will end up on Zeitgeist for sure!
I wish one of them (Google or Yahoo) would allow typing in an IP address and getting the whois results.
Wanted: witty unique signature. Must be willing to relocate.
Sorry, this is completely off-topic, but when I pulled up this story the rotating ad landed on a Microsoft ad - here's a screen shot of what I'm talking about: Microsoft Ad
Is it just me, or does that whole concept seem ludicrous? I suppose it makes logical sense, in a twisted kind of way:
"At Microsoft, our programmers encounter security vulnerabilities each and every working day. Our experience with security is second to none! Not like those silly Linux dweebs who hardly ever see a security vulnerability. Who would you rather go to for security advice - a programmer who has never ever encountered a security hole, or seasoned programmers who run into security holes all day long, every day?"
That tag line should read "Go to microsoft.com today and get a free virus!"
-- *My* journal is more interesting than *yours*...