Slashdot Mirror


Has Google Indexed Your Backup Drive?

itwbennett writes: Depending on how you've configured the device, your backup drive may have been indexed by Google, making some seriously personal information freely available online to anyone who knows what they're looking for. Using a few simple Google searches, CSO's Steve Ragan discovered thousands of personal records and documents online, including sales receipts with credit card information and tax documents with social security numbers. In all cases, the files were exposed because someone used a misconfigured device acting as a personal cloud, or FTP (File Transfer Protocol) was enabled on their router.
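
A self-check for the FTP exposure the summary describes, as an added example that is not part of the original post or its comments: pointed at your own router's or NAS's public address, it reports whether the FTP service accepts an anonymous login. The function names, status strings and file name are illustrative choices made for this example.

```python
import ftplib
import sys

# Status strings are this example's own labels, not FTP terminology.
OPEN, AUTH_REQUIRED, UNREACHABLE = "open", "auth-required", "unreachable"


def check_anonymous_ftp(host, port=21, timeout=5.0):
    """Try an anonymous FTP login and report how the server responds.

    Only logs in and disconnects; it never lists or downloads anything.
    """
    ftp = ftplib.FTP(timeout=timeout)
    try:
        ftp.connect(host, port)   # reads the 220 greeting
        ftp.login()               # no arguments = user "anonymous"
        return OPEN               # server let an unauthenticated user in
    except ftplib.error_perm:     # 5xx reply, typically "530 Login incorrect"
        return AUTH_REQUIRED
    except ftplib.all_errors:     # refused, timed out, or not speaking FTP
        return UNREACHABLE
    finally:
        ftp.close()


def audit(targets, timeout=5.0):
    """Check several (host, port) pairs; returns {(host, port): status}."""
    return {(h, p): check_anonymous_ftp(h, p, timeout) for h, p in targets}


if __name__ == "__main__":
    # Usage: python ftp_selfcheck.py HOST [PORT]   (file name is hypothetical)
    if len(sys.argv) < 2:
        print("usage: ftp_selfcheck.py HOST [PORT]")
    else:
        host = sys.argv[1]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 21
        status = check_anonymous_ftp(host, port)
        print(f"{host}:{port} anonymous FTP: {status}")
        if status == OPEN:
            print("Disable FTP on the WAN side or require a password.")
```

A result of `unreachable` from inside your LAN says nothing about the WAN side, so run the check from an outside connection.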

8 of 121 comments

  1. Right by Anonymous Coward · · Score: 0, Insightful

    How idiots got their backups indexed?

    1. Re:Right by Anonymous Coward · · Score: 1, Insightful

      How idiots got their backups indexed?

      As it turns out, dumbass people do dumbass things - things like taking a significant risk with something complex that you do not remotely understand. You either decline the risk entirely, learn a few fundamentals about how it works, or hire someone who has learned them. Those are your sole rational choices. Dumbasses think there's a viable fourth option: invest more heavily than you think in something you know (or should know) you don't understand.

      You can see how "I am not a computer expert!" and other bullshit excuses are just a smokescreen. If you really knew that to be a fact, you wouldn't try to tackle it yourself. It's just egos doing what egos do, playing stupid blame games instead of identifying and solving the problem.

      Ignorance is far superior to stupidity because ignorance potentially learns from its mistakes and does not repeat them.

  2. Clickbait-ish Headline by Midnight_Falcon · · Score: 5, Insightful

    When I read this, I immediately thought "Has Google Indexed the Contents of your Google Drive?", in the context of those automatic backups you might have enabled for photos, etc. on your Android device. In fact, you're only at risk here if you have configured some type of FTP server or WebDAV (like a QNAP, etc.) to have a public IP and have no security whatsoever. So that means having enough technical prowess to accomplish that much, only to leave all your stuff open on the internet for "ease"?!?

    I think much of Slashdot might agree with me that if you're silly enough to deploy a public-facing server with no or default authentication, yeah, you'll probably deserved get indexed by Google.

    1. Re:Clickbait-ish Headline by snowgirl · · Score: 5, Insightful

      yeah, you'll probably deserved get indexed by Google.

      deservedly*

      But not only that, it's not like Google can infer intent to share the data... you put it out there, and Google said, "hey, this is publicly available, obviously people want this to be indexed!"

      There's no adequate way to fix this either, because if it's opt-in, then unknowing individuals will fail to opt-in for indexing... if it's opt-out, then unknowing individuals will fail to properly opt-out (robots.txt for example).

      If you put up private data publicly on the internet then you simply have to accept the fact that no one else could have known that you didn't want to share the data...

      --
      WARNING! This girl exceeds the MAXIMUM SAFE standards established by the FDA for BRATTINESS

  3. Re:I'm a little baffled by Dutch+Gun · · Score: 5, Insightful

    I own a Synology NAS, and it comes with all sorts of nifty software that lets it do general server-like things. You can view photos or watch movies from anywhere on the internet. You can set up Wikis, serve webpages, and do all sorts of other stuff.

    I partake in none of this. I use it as a file system, a data backup, and for streaming media to my videogame consoles, and absolutely nothing else. Frankly, opening up your NAS to the internet in any capacity is insane. It's where the phrase "A little knowledge is a dangerous thing" is never more appropriate. Even if you set up everything correctly, you're only a single security flaw away from the entire box being compromised. Most people see all these cool features and are encouraged to experiment with them a bit. No one ever tells them "Hey, if you screw this up, you could accidentally leak all your personal information to bad guys on the Internet."

    It's funny, because you're seeing the same sort of learning process that the professional programmers and IT people have already gone through (or are STILL going through in the worst examples). People first think of cool things they can do with the internet, and then security-related thoughts come only after a disaster strikes. I'm not sure if there's really a fix for this. People will make silly mistakes and get burned, unfortunately. And then they'll know better. Life goes on.

    --
    Irony: Agile development has too much inertia to be abandoned now.

  4. Re:The web crawler would only index it if... by Mashiki · · Score: 5, Insightful

    If this is what amounts to network security these days, we're doomed.

    --
    Om, nomnomnom...

  5. Re:The web crawler would only index it if... by shortscruffydave · · Score: 2, Insightful

    And if you have a web interface on your WAN port then you're most likely doing things very wrong to begin with. If you want a publicly reachable interface into your LAN, don't fucking use your piece of shit router to do it. It's probably chock full of exploits anyhow, but that's a pretty moot point if you've left it wide fucking open for any random script to stumble across and access.

    Hint: If you want people to take notice of advice about IT security, it may be more effective to speak respectfully than to let loose with an expletive-filled tirade

  6. Re:The web crawler would only index it if... by Anonymous Coward · · Score: 0, Insightful

    And if you have a web interface on your WAN port then you're most likely doing things very wrong to begin with. If you want a publicly reachable interface into your LAN, don't fucking use your piece of shit router to do it. It's probably chock full of exploits anyhow, but that's a pretty moot point if you've left it wide fucking open for any random script to stumble across and access.

    Hint: If you want people to take notice of advice about IT security, it may be more effective to speak respectfully than to let loose with an expletive-filled tirade

    Counterhint: if you think kissing someone's ass just to get them to do something in their own best interests, that they should have already known from the slightest little bit of RTFM, for free, is acceptable, then your testicles have become unattached and stored in a jar someplace.

    No, the problem is that stupidity is not painful enough. It does not command respect because it does not deserve respect. Let the morons choose what is more important to them: their egos or their security.