This is such a common way to discover vulnerabilities:
“I was bored, and typed the name of my farm into Google to see what was out there,” said Marsha Bergmeier, president of Mohr Family Farms in Fairmount, Ill.
…
Bergmeier said she was able to identify almost 30,000 records in the database that contained Social Security numbers.
[CNET News.com]
It didn’t even take any fancy Google hacking to find this treasure chest of identity information. I wonder, how many other databases like this exist on the Internet? I’m sure we could ask identity thieves and spammers, who actively search for them on a daily basis.
The average citizen doesn’t realize how many databases his information is stored in. Trying to figure out which ones are accessible over the public Internet is damn near impossible. In fact, the government itself doesn’t know the extent of it. As the article says, this data was compiled years ago, when Social Security numbers were much less protected. Since they were never intended to be used as identification numbers, that is excusable. But now that we know better, maybe the government needs to take stock of legacy databases and do some house cleaning.
Post a Comment