[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] Protect Insider Data By Googling First, Often
From: InfoSec News <alerts () infosecnews ! org>
Date: 2011-12-28 8:36:43
Message-ID: alpine.DEB.2.02.1112280236320.9665 () infosecnews ! org
[Download RAW message or body]
http://www.darkreading.com/insider-threat/167801100/security/security-management/232301074/protect-insider-data-by-googling-first-often.html
By Robert Lemos
Contributing Editor
Dark Reading
Dec 27, 2011
In June, a security researcher searching for passwords files on the
Internet stuck gold: A database file of 300,000 users of Groupon
subsidiary Sosasta had inadvertently been placed on a publicly
accessible online server. The company quickly took it down after being
notified, but the damage was done.
Google hacking, where an attacker searches for common vulnerabilities or
sensitive data, can be an extremely efficient way to find accidentally
leaked insider data. Millions of records are available to anyone with
the ability to create specific searches on Google and Bing and the time
to cull the results for interesting data, according to Francis Brown, a
managing partner at security consultancy Stach & Liu.
The incident involving Sosasta's data is not uncommon. In August, both
Yale University and Purdue University notified students, faculty, and
staff that a total of about 50,000 records, including Social Security
numbers, had been exposed to the Internet because specific files had
been publicly accessible.
"There are a number of instances where people, by accident, have found
huge data exposures," Brown says.
[...]
_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic