FC: RFID files marked "confidential" leaked from MIT group (oops!)

[Declan McCullagh <declan () well com>]

---

From: "J.D. Abolins" <jda-ir () njcc com>
Reply-To: jda-ir () njcc com
To: Declan McCullagh <declan () well com>
Subject: Cryptome, RFID documents, Web error (?), and more
Date: Mon, 7 Jul 2003 20:15:16 -0400

Today (7 July 2003), the Cryptome.org site posted an item about a collection
of "confidential" documents that were posted on the MIT AutoID Center's Web
site. The "confidential" documents were placed so that anybody using the old
trick of searching for words such as "Confidential" in the site's search tool
would not only find the listing of the documents but also viable links to
them.

At a quick glance, it appears to be another case of a site relying upon
obscurity for limiting access to online documents rather than more distinct
access control techniques, encryption, etc. In the case of other Web site
where documents intended to be limited access were open to the world, the
assumption was that if there were no links from "public" pages (and perhaps a
robots.txt to tame the spiders), then the documents were accessible to only
the people who knew the URLs. Yes, and to people using site search engines.
<g>


-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
-------------------------------------------------------------------------
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------