Searching For Trouble With Google 506
achilles writes "From a recent eWeek article: 'Whether they realize it or not, many people leave sensitive information out in plain view on Web sites. But sooner or later, a Google search will dig it up.' The article goes on to list some examples such as 'a search for credit card numbers. Try this one, for "Visa 4366000000000000..4366999999999999"' and other 'risky data' from careless users, such as QUICKEN files etc."
What I'm more surprised by (Score:5, Interesting)
Liability (Score:5, Interesting)
Also, maybe those numbers are traps to catch people? Surely you need those goods to be sent to an address and someone has to eventually pick it up.
Try phpMyAdmin (Score:5, Interesting)
This will give you some nice databases to browse through.
N.O. has a nice article on google searches also. (Score:2, Interesting)
on the google link in this article... (Score:2, Interesting)
Terrifying (Score:5, Interesting)
It's way too late to warn these people about the files. Their current identity is toast. So is their credit for the next seven or so years.
Is there anything we can advise these people to do to minimize the damage at this point?
Re:Nothing wrong with this... (Score:5, Interesting)
Re:I blame the Google Toolbar for a lot of this (Score:5, Interesting)
If you mean security through obscurity then you're describing the current situation on the net, but the article states that Google is removing the obscurity aspect by making the entire net accessible. We no longer have any kind of assurance that a given nook or cranny is too obscure to bother with.
I agree that people shouldn't leave their personal data lying around, but to simply assume that the general public can adopt security measures that we, the
Re:Address (Score:1, Interesting)
Re:only few matches (Score:3, Interesting)
Re:I blame the Google Toolbar for a lot of this (Score:3, Interesting)
Try out these searches on Google:
Re:Nothing wrong with this... (Score:5, Interesting)
That lost letter contains more information than I'd give out to anyone who's not an authorised government official (policeman, doctor, etc). Through no fault of my own, and despite my vigilance (I shred and burn every bit of correspondence that has my name and address on it, let alone financial or other personal details) that information is now potentially in the hands of someone unscrupulous.
If anything untoward were to happen, I have virtually no recourse, as it would be nigh on impossible to actually prove where my details were obtained and (as far as I know) it's impossible to get a new NI number: I'm stuck with the one that's issued to me at 16 until the day I die.
eBooks (Score:3, Interesting)
P2P is Worse (Score:5, Interesting)
I'm pretty laissez faire on this one. If you leave your keys in the car and car running, the insurance company won't cover its theft (or at least, so goes the lore). Same principle applies here, I think.
-db
Re:try this (Score:2, Interesting)
Try it!
-Aaron
Re:How many of you... (Score:3, Interesting)
given one erases the browser history rather quickly?
Google stores all searches somewhere?
Re:Nothing wrong with this... (Score:3, Interesting)
Summary (Score:2, Interesting)
Re:Nothing wrong with this... (Score:3, Interesting)
Perhaps this is an area where the likes of third-party merchant services such as 2checkout.com, Paysystems, and iBill can really shine. Ignoring the problems these specific merchant services have had, the model of passing the user to a secure page provided by a "trusted" company to enter credit card details could be a good marketing gimmick.
Let's say you're shopping at <insert your favorite pricewatch merchant here>. You're tempted to make a purchase because their price is so much lower than your usual merchant of choice. Would you prefer to enter transaction details directly on their web site and trust them to store your information in a secure way, or would you prefer a system where you are passed to visa.com or citibank.com to enter the transaction details, which are never given to the merchant, just a check in the mail every 2-4 weeks?
Just like how web sites plug their SSL cert seals with a verification image and link ("Secured with Thawte 128-bit encrypted - click here to verify"), perhaps the site could advertise something like, "For your protection, we do not store your credit card information anywhere on our servers. You will be passed to a secure page at Citibank.com and your transaction details will not be viewable by anyone but you. Click here to verify our partnership with Citibank.com". Okay, that sounds lame, but you get the idea. To me, it's reassuring that my transaction is being handled by a company whose best interest is in avoiding fraud versus passing them to a1discount-computer-parts.biz or whatever to store them as cleartext in their MySQL database...
TWO WORDS!!!!!! (Score:5, Interesting)
Re:I blame the Google Toolbar for a lot of this (Score:3, Interesting)
Nice links. In the same vein, try variations of this:
"company confidential" filetype:ppt [google.com]
Re:Nothing wrong with this... (Score:3, Interesting)
One drawback was that this additional service came at an extra service charge of a few dollars per month (can't remember the exact amount). If anyone hears of an American bank doing this, either online or in California, please let me know. I've heard of American banks having a similar service for preauthorizing checks (via fax), but what I saw in France is taking it quite a step further.
Re:How many of you... (Score:3, Interesting)
But, given that they must already have your card number in order to turn up on the list, this isn't actually a problem.
Re:Terrifying (Score:3, Interesting)
Notify them via a phone call, using the Relay phone system [att.com] for the deaf.
Not exactly a good use of the service that we all pay for, but it's fairly anonymous, and you can be non-threatening.
Re:Keys in the ignition (Score:2, Interesting)
The insurance companies will try to bully you into thinking that they don't have to cover you, but they do. However if they can convince you that they don't have to and you just go away then they don't have to pay you. This is the usual course of action.
Luckily my father has a good insurance broker who knows the law and wouldn't let his client be bullied. It's astounding what insurance companies can get away with.
This of course after them pleading poor to the Canadian government only to report record profits a couple of months later. What's $2.6 billion among friends? Now that is in Canadian funds but it still works out to about $100US or so.
One-time numbers are key (Score:3, Interesting)
I'd like to see more of that kind of thing, preferably all of the following as options:
"Good everywhere all the time, with no control at all" just seems like a bad idea. But since banks either shit on the consumer or the merchant when it comes to fraud, they have little incentive to secure the system. When they pass the new bankruptcy bill in congress, even shoddy lending practices will be given a pass as well.
Re:this was on cryptome (Score:1, Interesting)
mpdsecret [google.com]
Who would believe that it would get this [supranet.net] back?
Re:P2P is Worse (Score:2, Interesting)
Second (just a detail): If I had P2P running on my home PC, I'd post my doctoral thesis. It is published anyway (just check out your favourite universities' library), I don't earn money from selling it (in fact, you can find it online), so why not use P2P to distribute it? Hey, that's supposedly the official justification for P2P, not illegal MP3s!
Just Call Them and help them out. (Score:5, Interesting)
Interesting Stuff (Score:1, Interesting)
I am not saying any more. My boss told them what they had done, they know who we are and there could be repercussions. But anyway, I'll google for the same information again in a few months' time and see if it's there. If so, I might do a write-up. In my book, if you leave your valuables lying around where you know there are thieves, you deserve to be taught a lesson -- and you should be glad with knowing that your valuables are being taken care of by someone like me, rather than broken by some of the thugs out there.
I got over 10,000 pages of credit card listings! (Score:5, Interesting)
For Visa, I did this one [google.com] and got 2450 pages of listings of credit card numbers. Doing the same for Master Card [google.com] returns only another 481 pages - not just card numbers, but web pages containing numbers - and some are test pages to demonstrate how LUHN codes work, but I don't think they all are. Oh, let's not leave home without American Express [google.com], where we can find a whopping 7,780 pages of listings!
I don't think they are all tests. Some include the number, expiration date, plus the name, address and telephone number of some people who apparently placed orders on-line. A great way to commit fraud or implement identity theft, wouldn't you say?
My guess is that if you called some of these people you would find out that yes, that is their credit card number and they had no idea it had been exposed.
Oh, I forgot to troll for Social Security Numbers [google.com]. Now that returns 7 million pages, most being things like zip codes and such, but it wouldn't be hard to do that by redoing the search on an automated basis by inserting the '-' where appropriate and generating several thousand searches. At random I picked a range and tried all Social Security 301-01 numbers [google.com], and got 115 pages. Not only that, but the text ad from Google was for a company that offered on-line searches of social security information! Very helpful too!
Paul Robinson
Re:Nothing wrong with this... (Score:3, Interesting)
I'm in Germany at the moment, and we have a pretty good system for transactions that don't involve cash currency. Most people here don't use credit cards or cheques; they use bank-issued debit cards, and bank transfers.
The debit card can only be used in person. You have to supply the card
There's a surprising number of bank transfers
For every bank transfer you make, you have to supply a transaction authorization number (TAN). When you open an account, you're given a sheet with a couple hundred of these numbers, and you have to use them in sequence. When you want more, you go to the bank, present a valid ID of some sort, and get another sheet.
It's a pretty good system, very convenient, but would require quite a bit of infrastructure changes in the US
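An added example, not part of the original comment and not any bank's actual implementation: the in-sequence, single-use TAN check described above, seen from the server side. The class name, the six-digit TAN format, the salted-hash storage and the three-strikes lockout are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class TanSheet:
    """Server-side record of one issued TAN sheet (hypothetical model)."""
    MAX_FAILURES = 3  # assumption: lock the sheet after repeated wrong TANs

    def __init__(self, tans):
        self.salt = secrets.token_bytes(16)
        # Keep salted hashes in printed order instead of plaintext TANs.
        # Short TANs stay guessable offline, so this only limits casual disclosure.
        self._hashes = [self._hash(t) for t in tans]
        self.next_index = 0
        self.failures = 0

    def _hash(self, tan: str) -> bytes:
        return hashlib.sha256(self.salt + tan.encode()).digest()

    def authorize(self, tan: str) -> str:
        """Accept only the next unused TAN; a used or later TAN is rejected."""
        if self.failures >= self.MAX_FAILURES:
            return "locked"
        if self.next_index >= len(self._hashes):
            return "exhausted"  # customer needs a new sheet
        expected = self._hashes[self.next_index]
        if hmac.compare_digest(self._hash(tan), expected):
            self.next_index += 1  # consume it: each TAN works once
            self.failures = 0
            return "ok"
        self.failures += 1
        return "rejected"

def demo():
    """Constructed three-TAN sheet: valid use, replay, skip-ahead, exhaustion."""
    sheet = TanSheet(["111111", "222222", "333333"])
    attempts = ["111111", "111111", "333333", "222222", "333333", "111111"]
    return [sheet.authorize(t) for t in attempts]

if __name__ == "__main__":
    print(demo())
```

A captured TAN is useless once spent because the server only ever compares against the next position on the sheet, which is what makes the replayed and skipped-ahead attempts in `demo()` fail.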
Asking for Trouble! Zeitgeist (Score:3, Interesting)