antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
|  Things you don't want Google to find...
"McAfee's senior vice president for Risk Management George Kurtz demonstrated today at RSA conference, that didn't prevent users and organisations to post those goodies online for anyone to find.
"You almost get bored finding all these password files. It used to be fun in the old days when you found a password file. Now you just go to Google and find thousands of them," Kurtz said..."
Examples are shown.
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Please do not IM/e-mail me for technical support. Use the forum (I check almost daily)! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer. | |
|
 
jbob
Reach Out and Touch Someone
Premium
join:2004-04-26
Little Rock, AR | Re: Things you don't want Google to find... Funny but everyone seems more worried about the government getting hold of any private/personal info. The Feds are the least of our worries. Now will the Feds step in to "protect" us? | |
|
|
 |
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
|  Re: Things you don't want Google to find...
said by wapu  :I showed this to a guy I work with and he started in on how google shouldn't do this. I take a different approach. I don't blame google, I blame the users who put that stuff out there. All Google does is find the data and present it when it is asked for. What do you guys think? Is it Googles responsibility to protect the data or is it the user's? Computers can't decide what is right and wrong. All they do is search and collect datas. People need to not put the stuff online if they don't want to be shown. Computers (Google indexers) are just doing their jobs.
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Please do not IM/e-mail me for technical support. Use the forum (I check almost daily)! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer. | |
|
| 
hpguru
Curb Your Dogma
Premium
join:2002-04-12
| said by wapu :I showed this to a guy I work with and he started in on how google shouldn't do this. I take a different approach. I don't blame google, I blame the users who put that stuff out there. All Google does is find the data and present it when it is asked for. What do you guys think? Is it Googles responsibility to protect the data or is it the user's? Then I guess you think it's ok to go here and start rooting around? Please let us know what you find before they find you. 
--
Get hpHOSTS! Member ASAP
hpHOSTS Online
Paranoia is no substitute for understanding. | |
|
| 
javaMan
Premium,MVM
join:2002-07-15
San Luis Obispo, CA
| said by wapu :I showed this to a guy I work with and he started in on how google shouldn't do this. . . You see this attitude a lot with people who are new to computers and networks. They haven't learned that it is the user's responsibility to know what should be placed on a network and what shouldn't. Neither have they seemed to grasp that data placed on a network is done so with the express purpose of making accessible, with certain restrictions of course, to others who share the network. And the tools used to manipulate and use the data are to make the available information easier to find. If one doesn't want something to be seen by others on the network it doesn't belong there, it's that simple.
--
Woe unto them that call evil good, and good evil; that put darkness for light, and light for darkness. . . Isa. 5:20 | |
|
| | 
Grail Knight
Who Dares Wins
Premium
join:2003-05-31
 ·Verizon Online DSL
1 edit | Re: Things you don't want Google to find... What exactly are you getting at here?
quote:
If one doesn't want something to be seen by others on the network it doesn't belong there, it's that simple.
So information given to utilities, banks, filing for taxes, college, etc. ends up on the web it is because they wanted it there?
I think it is more like the mishandling of information by institutions is more prevalent then citizens just arbitrarily posting their private information on the web.
Edit* Corrected there not their.
--
Fx Pacifica Branch, Tb Patrocles Branch, Fx Portable, Tb Portable
All nightly builds. | |
|
| | | mendsl2
join:2003-10-16
| Re: Things you don't want Google to find... Growing pains. These types of situations help raise security awareness while pushing technology and security to another level. Sure that is a hard way to learn a lesson but it pushes people to become aware of the consequences of jacking their data in to the Web. Google is just doing its job and doing it quite well I might add.
Remember when ISPs didn't really filter any ports or services? Well maybe you remember Code Red or Nimda because that is what made those viruses so successful. So do you then blame Windows for providing NetBIOS services and tell Microsoft "they shouldn't do that"? The fact that people didn't fully understand the concept of Windows file sharing via TCP/IP is what made them vulnerable (and the bugs, code flaws and configuration issues). I am in no way plugging Windows file sharing or defending Microsoft's file sharing model here but merely providing another example of a situation that left peoples' sensitive data hanging in the breeze.
I feel that the holder of the data is responsible for securing said data no matter if it is an institution or Joe A. User. | |
|
| | | |
Grail Knight
Who Dares Wins
Premium
join:2003-05-31
·Verizon Online DSL
| Re: Things you don't want Google to find... quote:
I feel that the holder of the data is responsible for securing said data no matter if it is an institution or Joe A. User.
I agree with that to an extent although without full access by a citizen to their data being held by some of those places of trust you have no control over. Example the release/sale of data that is mishandled, stolen etc.. I think you would have to be a mind reader or see into the future to do all you and the poster think a citizen should be able to do to prevent/contain privacy loss etc.
As to Google I could care less what they gather. All information is fair game to an Internet information gatherer. It is just doing what it was programmed to do.
-Greg
--
Fx Pacifica Branch, Tb Patrocles Branch, Fx Portable, Tb Portable All nightly builds. | |
|
| | | | | mendsl2
join:2003-10-16
| Re: Things you don't want Google to find... I totally agree with you Grail Knight. Once your info is in the hands of another party they are responsible for keeping it secure. Here is a perfect example of this gone wrong:
»blogs.ittoolbox.com/security/inv···7568.asp
I feel it is clear that the newspaper is totally responsible for the release of sensitive data and that the customers had no control over this whatsoever.
Okay, back OT since this supposed to be about Google. ; ) | |
|
| | | | | |
Grail Knight
Who Dares Wins
Premium
join:2003-05-31 | Re: Things you don't want Google to find... That is a very good example.
Back to Google. | |
|
| |
| 
zetan
Heart Of Steel
Premium
join:2003-11-22
Vallejo, CA
| said by wapu :I showed this to a guy I work with and he started in on how google shouldn't do this. I take a different approach. I don't blame google, I blame the users who put that stuff out there. All Google does is find the data and present it when it is asked for. What do you guys think? Is it Googles responsibility to protect the data or is it the user's? So you pull down your pants and bend over. Then complain if someone comes along and pops one in.
Google is not to blame for what can be found. Not IMHO.
--
No regrets.. ever. | |
|
| | 
bcool
Premium
join:2000-08-25
The Ozarks
1 edit | Re: Things you don't want Google to find... said by zetan :Then complain if someone comes along and pops one in. ouch. I didn't see that metaphor coming...
To those who don't think so:
I think Google Desktop is a good idea. Perhaps its implementation needs a little retooling, I don't know. But it's silly to say that GDS is a bad idea. It can be a very useful tool.
--
"in flagrante delicto" | |
|
| Stumbles
join:2002-12-17
Port Saint Lucie, FL | Easy answer...... users fault. | |
|
Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA | George Kurtz is one of the Foundstone boys (they got bought by McAfee) - really smart guys. | |
|
ZOverLord
Premium
join:2003-10-20
Minneapolis, MN
| If the average person thinks that Spyware is less damaging than a Virus or Trojan then what makes people think those same people would see Google Desktop or other FREE services as anything more damaging than a pretty screen saver?
--
Black, Grey and White Hats Unite here -> »testing.OnlyTheRightAnswers.com | |
|
antiserious
The Future ain't what it used to be
Premium
join:2001-12-12
Scranton, PA
|
... I don't want to become the Google Defender, but why lay all the blame at their feet when people behave stupidly ? ... if you're not smart enough, or you can't be bothered to secure your data, you shouldn't be surprised when someone else gets it ... I think Google Desktop is a bad idea, but I doubt that will stop anyone from using it ...
... as I said before, it's Evolution In Action ... and, as Jerry Springer proves every day, we will never run out of nitwits ...
--
... "Do You Know Where Your Towel Is ?" ... | |
|
|
hpguru
Curb Your Dogma
Premium
join:2002-04-12
| I agree that this is the user and/or the institutions fault if data which should have been inaccessible from the internet was not. One cannot blame Googlebot for following public links. After all, that is what it is supposed to do.  These facts do not bestow anyone with a license to seek out and use such data for their own purposes however.
--
Get hpHOSTS! Member ASAP
hpHOSTS Online
Paranoia is no substitute for understanding. | |
|
novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH
| How exactly would google even start to protect this information? By not browesing it in the first place? Ok good idea but payroll.xls hmm what about employchecks.xls or paycheck.xls or pckemp.xls or 1243wgths.xls ?
There are to many possible sensable names for employee data file names let alone random crap file names.
There for imo its not googles job to attempt to protect this sort of information by not allowing searches for it. Maybe in rare cases by request of a softwares programer(s) google could remove results or filter results. Such as we seen with phpbb and a few other website software titles. Even in these cases it is not googles responability to prevent searchers or their job. If google admins decide to block these results they do so as a favor to programer/company and nothing else.
I find it intresting that google has filtered phpbb results (index.php or what ever it was) They did not do this because it would make them money they did it by choice as a favor to the softwares authors and the softwares users to slow down the hacking that was going on of these boards.
Again its not googles jobs to protect inept admins and users of such things it is the admins and users jobs to protect their data.
--
DSLR security chat at us.ausirc.net chanel #dslr_sec lets pack this channelopen source dns server for *nix and windows »powerdns.com | |
|
| 
SnowyOne
Premium
join:2003-04-05
Kailua, HI
 ·RoadRunner Cable
 ·Clearwire Wireless
| Re: Things you don't want Google to find... said by novaflare :Again its not googles jobs to protect inept admins and users of such things it is the admins and users jobs to protect their data. -- That's true of the data that Google indexes & serves via it's search engine because it's data that already is/was available for public viewing (that's how Google got it in the first place), but this is a different animal altogether & has nothing to do with Google as we now know it. Despite any waivers in the TOS to the contrary, it will be Googles job to safeguard the servers as well as the data on them.
I'd agree that any admin transferring anything sensitive in this manner would be labelled "inept" | |
|
OZO
Premium
join:2003-01-17 | Don't blame the messenger... | |
|
|
| OZO
Premium
join:2003-01-17
| Re: Things you don't want Google to find... said by jbob :What would happen if Google cached some accidently exposed credit card info? Would they then wipe that data from their database or even be required to? The answer would be simple - change that CC and sue those who have published your personal info.
What was published - remains so...
--
Keep it simple, it'll become complex by itself... | |
|
| 
TerryMiller
Premium
join:2003-10-23
| said by jbob :I'm not sure how anyone else feels but if Google was serving any personal/private data of mine, no matter how they got it, I think I might get me a lawyer and see about getting my personal/private data removed. You'd have to go to the institution that exposed it first or it'd just get rediscovered. Don't forget the remaining search engines as well.
said by jbob : Just because some inept admin allowed private data to be exposed for Google to cache doesn't make it alright for them to again open it for others to see. If you asked them to remove it after the original data was removed and they refused then I'd agree with you.
said by jbob : What would happen if Google cached some accidently exposed credit card info? Would they then wipe that data from their database or even be required to? As stated earlier they didn't expose it. They just made it easier to find. You can build your own web crawler, there are even toolkits to do so. It's just easier and more efficient to use theirs. | |
|
Khaine
join:2003-03-03
Australia | Maybe it is time that we require a licence before you can use a computer
*sigh* | |
|
|
|
|
