Information Security News mailing list archives
Protect Insider Data By Googling First, Often
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 28 Dec 2011 02:36:43 -0600 (CST)
http://www.darkreading.com/insider-threat/167801100/security/security-management/232301074/protect-insider-data-by-googling-first-often.html By Robert Lemos Contributing Editor Dark Reading Dec 27, 2011In June, a security researcher searching for passwords files on the Internet stuck gold: A database file of 300,000 users of Groupon subsidiary Sosasta had inadvertently been placed on a publicly accessible online server. The company quickly took it down after being notified, but the damage was done.
Google hacking, where an attacker searches for common vulnerabilities or sensitive data, can be an extremely efficient way to find accidentally leaked insider data. Millions of records are available to anyone with the ability to create specific searches on Google and Bing and the time to cull the results for interesting data, according to Francis Brown, a managing partner at security consultancy Stach & Liu.
The incident involving Sosasta's data is not uncommon. In August, both Yale University and Purdue University notified students, faculty, and staff that a total of about 50,000 records, including Social Security numbers, had been exposed to the Internet because specific files had been publicly accessible.
"There are a number of instances where people, by accident, have found huge data exposures," Brown says.
[...] _____________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isn
Current thread:
- Protect Insider Data By Googling First, Often InfoSec News (Dec 28)