Slashdot Mirror


The Face of One AOL Searcher Exposed

Juha-Matti Laurio writes "No. 4417749 conducted hundreds of searches over a three-month period on topics ranging from "numb fingers" to "60 single men" to "dog that urinates on everything," report NYT journalists Michael Barbaro and Tom Zeller Jr., but with permission from Mrs. Thelma Arnold, 62. "Those are my searches," she said, after a reporter read part of the list to her, continues the article."

2 of 315 comments

  1. Torpark by eldavojohn · · Score: 4, Informative

    I guess this just goes to show that you should be using something like Torpark even when merely conducting an online search. It's a shame but if you value your privacy, I guess it's necessary.

    Keep those IPs changing so they can't track and accumulate your searches I guess. I don't want a dossier of my searches available to the public.

    --
    My work here is dung.
  2. SQL injection target? by Chapter80 · · Score: 5, Informative
    Pretty cool seeing people get this data into searchable form, like on:
    http://www.aolsearchdatabase.com/

    I did a search on there this morning, and it displays the SQL statement for me, which is very handy...

    Select SQL_CALC_FOUND_ROWS * from search_data WHERE match (anon_id,query,click_url) against ('4417749 ') LIMIT 0,30

    Interestingly, if you do the standard SQL injection, searching for something like "4417749') LIMIT 0,30; DROP TABLE SQL_CALC_FOUND_ROWS;--", I bet you will screw it up for them. Kids, don't try this at home. I'd never encourage people to do something illegal!

    The point of this posting is:
    Learn about SQL Injection, and protect against it.
    Don't display your SQL query to your users.

    If you don't know what SQL injection is, try a simple example: Search for "1','0" (skip the double quotes, but not the single quotes) and you'll see it in action without causing harm.
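
The two pieces of advice in the comment above, shown as an added example that is not part of the original post or the site's code: the same search written with string concatenation and with a bound parameter, plus a handler that never echoes the SQL. It assumes an in-memory SQLite table and an `IN (...)` filter in place of the MySQL `MATCH ... AGAINST` query; the rows and function names are constructed for illustration.

```python
import logging
import sqlite3

log = logging.getLogger("search")

def make_db():
    # Constructed rows; table and column names follow the query shown in the post.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE search_data (anon_id TEXT, query TEXT, click_url TEXT)")
    db.executemany(
        "INSERT INTO search_data VALUES (?, ?, ?)",
        [("1", "sample query a", "http://example.com/a"),
         ("0", "sample query b", "http://example.com/b"),
         ("7", "sample query c", "http://example.com/c")],
    )
    return db

def search_concat(db, term):
    # Weak form: user text is spliced into the statement, so a quote in the
    # input ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT anon_id, query, click_url FROM search_data "
           "WHERE anon_id IN ('" + term + "') LIMIT 30")
    return db.execute(sql).fetchall()

def search_bound(db, term):
    # Hardened form: the statement text is fixed; the input is bound as one value.
    sql = ("SELECT anon_id, query, click_url FROM search_data "
           "WHERE anon_id IN (?) LIMIT 30")
    return db.execute(sql, (term,)).fetchall()

def handle_search(db, term):
    # What the user gets back: rows or a generic error, never the SQL text.
    try:
        return {"ok": True, "rows": search_bound(db, term)}
    except sqlite3.Error:
        log.exception("search failed")  # detail stays in the server log
        return {"ok": False, "error": "search unavailable"}

if __name__ == "__main__":
    db = make_db()
    probe = "1','0"  # the harmless probe from the post
    print(len(search_concat(db, probe)))  # input parsed as two SQL literals
    print(len(search_bound(db, probe)))   # input treated as one string
    print(handle_search(db, "1'"))        # stray quote is just data here
```

With the probe from the post, the concatenated query matches two rows because the input was parsed as two literals, while the bound query matches none because the whole input is compared as a single string.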