Wednesday, January 05, 2005

Beware what you put online ... there be google hackers

It seems to be common sense that you shouldn't expect anying you put online to stay private. Security through obscurity does not really exist in the face of the almighty google. Metafilter has a post (with comments) about how a simple google search can find networked surveillance cameras, many of which I am sure are only meant for "internal use". (See Join Google, see the world | Metafilter.) This is but one amusing example of "google hacking".

Google hacking is a technique that can be used to find "private" information that has been indexed by Google, probably without the user's knowledge. (See Google Hacking Database.) Some google hacks can even lead to lists of credit card numbers (Google queries provide stolen credit cards | CNET and passwords.

On a related note, a high-profile couple from Utah has recently learned the hard way that if you put nude photos of yourself in an online photo service, you're asking for trouble: | 'Raid' can be embarrassing - or worse:

" A prominent, married Utah couple recently photographed each other in the nude. They thought that storing the private shots at one of the new free, online photo storage-and-sharing sites would clear up space on their home computer, and that it would be secure.

They were wrong, which they learned when copies of their photos were sent to the news media.

'This has been an absolutely horrendous, mortifying experience,' the husband says. 'We never wanted anybody to see them.'

While the media chose not to publish the photos or identify the couple, judging that would unfairly intrude on their privacy, the pair became unwitting examples of just how dangerous it can be to store anything sensitive online, or on any computer that connects to the Internet, without serious firewalls.

The couple insists they never told anyone the photos existed or ever shared them. Computer experts say that is possible, and that enemies or thieves can remotely raid computers of the unwary to find and exploit files and passwords. But they add that most people are careless enough that the most high-tech types of raids are not really needed."

The moral of the story is don't put it online if you don't plan to share it with the world. Period.

No comments: