The Problem of Search Engines and "Sekrit" Data 411
Nos. writes: "CNet is reporting that not only Google but other search engines are finding password and credit card numbers while doing its indexing. An interesting quote from the article by Google: 'We define public as anything placed on the public Internet and not blocked to search engines in any way. The primary burden falls to the people who are incorrectly exposing this information. But at the same time, we're certainly aware of the problem, and our development team is exploring different solutions behind the scenes.'" As the article outlines, this has been a problem for a long time -- and with no easy solution in sight.
Oh Yeah? (Score:4, Funny)
This is very serious. Could you please post the exact search engines are query strings so I can make sure my information isn't there?
Knunov
Re:Oh Yeah? (Score:5, Funny)
By the way, does google have that realtime display of what people are searching for?
Google exploit patch for Apache (Score:4, Funny)
% cat > robots.txt
User-agent: *
Disallow:
^D
%
The Problem of Search Engines and "Sekrit" Data (Score:4, Funny)
The Problem Incompetent System Administrators
If data is 'sekrit'/sensitive/confidential - don't put it on the web. It's as simple as that. If that data is available on the web, search engines can't be blamed for finding it.
I've got a solution! (Score:5, Funny)
Brilliant, huh? ;-)
On second thought, maybe I shouldn't post this... some PHB might actually think it's a good idea.
Google exploit patch 0.2 for Apache (Score:2, Funny)
% cat > /var/www/html/robots.txt /
User-agent: *
Disallow:
^D
%
Hell, No. (Score:1, Funny)
Re:Insert foot in mouth.... (Score:2, Funny)
Re:Oh Yeah? (Score:2, Funny)
Yeah!
I just typed in my credit card number and found 15 hits on web sites involving videos of hot young goats.
Oh, for regular expression searching in Google (Score:5, Funny)
(Not, of course that I'd ever do anything like that...)
Searching with regular expressions would be cool, though...
Must... blame... someone.... (Score:3, Funny)
Why are stupid people not to blame for anything anymore?
Re:A symptom of poor programming... (Score:4, Funny)
Business Model (Score:5, Funny)
A while back there was a thread here about the weakness of the revenue model for search engines. Maybe we have found the answer, think about all the revenue that Google could generate with this data!
Anybody knows when Google is going public?
Blaming Google for this... (Score:3, Funny)
Re:Stopping Google won't stop the problem... (Score:5, Funny)
Uhh...no.
HTTP is an extremely basic protocol. Google's bots simply do a series of GET requests.
It would be possible that Google's bots have a database of username/passwords for given sites, but the more likely scenario is that they have stumbled across another way to get the "protected" information:
I ran robots for nearly 2 years and was harassed by many a Webmuster who could prove that my robots had hacked their site. They'd show me protected or secret data. It typically took 3 to 5 minutes to find the problem...usually the muster was the problem themself.
HERE'S A NOTE OF WARNING TO WEBMASTERS:
Black text links on black backgrounds in really small fonts are NOT secure.
Maybe I should get this posted to BugTraq...or would MS come after me??
Re:A symptom of poor programming... (Score:1, Funny)
Re:Nice work, Legion303. (Score:3, Funny)