February 10, 2004

Are Googledorks reading your secrets?

If your personal or corporate private information is on the Net, it may reside somewhere accessible to "Googledorks." Once indexed and archived by a search engine, data is hard to resecure from "Googlehacking," the practice of searching the Net for unlocked "back doors" to information. "Online Search Engines Help Lift Cover of Privacy"

Johnny Long, a CSC researcher, speaks and writes on the subject and told the Post: "The scariest thing is that this could be happening to the government and they may never know it was happening," Long said. "If there's a chink in the armor, [the hackers] will find it."

Ed Skoudis, an INS Inc. consultant, called it "point-and-click hacking" and tells of using search engine tricks to find a spreadsheet with thousands of Social Security and credit card numbers in an exposed sector of a bank's network.

An FBI spokesman, Paul Bresson, told the Post that such activity is not necessarily illegal, if the information accessed is not subsequently used for some improper purpose. "I don't know what law's been violated just for searching" on a publicly available search engine, he told the Post.

Source: "Online Search Engines Help Lift Cover of Privacy," (Washington Post, 2/9/04; Page A01).

Thanks again to Sabrina Pacifica.

See also Wired News: Google: Net Hacker Tool du Jour (March 4, 2003).

Such searching may have been the way Diebold's e-voting emails got out in the public domain, for example.

Controversy continues over proposals to extend copyright protection to databases. If mere "sweat of the brow" compilations of facts, they have little or no copyright protection under US law except those parts that may qualify as creative elements. Feist Publications, Inc. v. Rural Tel. Serv. Co., 499 U.S. 340 (1991).

Regarding proposals to extend copyright protection to databases see, e.g., a 9/23/03 statement of David O. Carson, General Counsel, United States Copyright Office regarding the "Database and Collections of Information Misappropriation Act of 2003."

On January 21, the House Judiciary Committee reported out the Database and Collections of Information Misappropriation Act (DCIMA), H.R. 3261.

See a critical student comment on the bill, calling it "unconstitutional and misguided."

Were mere collections of data protected by copyright, the DMCA's anti-circumvention rules (and accompanying criminal penalties) might apply to them, even if someone "went around" the access control tools via an unlocked back door. The DCIMA may go farther, but may require judicial testing of its validity.
Comments?

DougSimpson.com/blog

Posted by dougsimpson at February 10, 2004 07:25 AM