http://www.darkreading.com/insider-threat/167801100/security/security-management/232301074/protect-insider-data-by-googling-first-often.html By Robert Lemos Contributing Editor Dark Reading Dec 27, 2011 In June, a security researcher searching for passwords files on the Internet stuck gold: A database file of 300,000 users of Groupon subsidiary Sosasta had inadvertently been placed on a publicly accessible online server. The company quickly took it down after being notified, but the damage was done. Google hacking, where an attacker searches for common vulnerabilities or sensitive data, can be an extremely efficient way to find accidentally leaked insider data. Millions of records are available to anyone with the ability to create specific searches on Google and Bing and the time to cull the results for interesting data, according to Francis Brown, a managing partner at security consultancy Stach & Liu. The incident involving Sosasta's data is not uncommon. In August, both Yale University and Purdue University notified students, faculty, and staff that a total of about 50,000 records, including Social Security numbers, had been exposed to the Internet because specific files had been publicly accessible. "There are a number of instances where people, by accident, have found huge data exposures," Brown says. [...] _____________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isnReceived on Wed Dec 28 2011 - 00:36:43 PST
This archive was generated by hypermail 2.2.0 : Wed Dec 28 2011 - 00:33:57 PST