Scandals involving leaks of personal information on the Internet in recent years there with enviable regularity. Just recently discovered that in the search results of "Google" it is possible to obtain information about jobs in various online stores, including sex shops. In an open access was complete information about the customer, including name and full mailing address, as well as the contents of the order.
To do this, just enough to type a query «inurl: 0 inurl: b inurl: 1 inurl: c status of an order." Such a terrible gibberish actually stands for is quite simple: we ask to find pages that contain the phrase "order status", and in the URL of the page should present the symbols "0», «b», «1» and «c». Incidentally, in 2009, with the appearance in the query language of "Google" operator «inurl:» experts warned that in the first place hackers will appreciate its advantages, which will pick up sites that use repetitive engines with known vulnerabilities.
So in this case fell under the distribution of customers of online stores that use the script WebAsyst Shop-Script. Naturally, the extreme in this case is not found. The owners of online stores charge "Yandex" that his robots poke your nose where you should not. "Google" says that just does its thing, and blame the site owners do not provide safety information.
Suspicion fell a set of services "Google." Supposedly all the affected sites were on board this "snake". Finding your way is difficult, but nevertheless the search engine Google, which has the same operator «inurl:», personal information will not allow extradition.
But be that as it may, and the rescue of drowning - the handiwork of drowning. And his own drowning, too. Users are much easier to work attackers. For example, in the search results on that same terrible request, I found a page that allows a person to check the status of your order. Field "Order Number" and «E-mail» had already been filled. In order to get detailed information requested log - enter your last name.
It seems to be good. But e-mail address look like familiya_imya@mail.ru! Naturally, after entering this very site helpfully opened family me complete information about the order. Yes and no very obvious addresses of the form "chto-to@mail.ru" easy to calculate the surname. Enough, for example, simply make a search of this address on the Internet or access social networking "My World". For this you need only to address my.mail.yahoo / mail / xxxxxx / xxxxxx replace this "something" from the address. Most probably we will get on your personal page owner. And this is not a burglary, the man himself posted it on public display. And as to the personal page you can find out almost everything.
Therefore, by registering on social networking sites, forums, online stores, remember - you disclose about yourself is often much more information than appears at first glance. And no one knows who to hit this information, and how he will use it. For example, it is not surprising that the employer did not take to the driver, who on a personal page tells us that not paying attention to traffic lights, even if he lives in does that, and just wrote nonsense. Therefore, adherence to a few simple rules simply need to:
1. Minimize the communication on the Internet. It is clear that for many this is tantamount to a smaller board to breathe. But in this case, we can reduce the risk to a minimum.
2. Limit the amount of personal information that is publicly available. Use aliases and nicknames that are not associated with a real name. It is especially important to teach this child.
3. Use multiple e-mail address: Separate - for business and personal correspondence, separately - a public address (for forums, shopping carts and so on). Public address must provide the minimum information about the owner.
4. For different accounts and services should use different passwords. If you remember many passwords is difficult, it is possible to develop a simple mnemonic rule. For example, this: my password - the word "spade", then the first three letters of the site address and the number corresponding to the length of the name of the site.
Naturally, all this should not replace but complement the use of antivirus software, firewalls and other tools in the arsenal of technical protection, which is powerless if the user himself puts personal information online.
To do this, just enough to type a query «inurl: 0 inurl: b inurl: 1 inurl: c status of an order." Such a terrible gibberish actually stands for is quite simple: we ask to find pages that contain the phrase "order status", and in the URL of the page should present the symbols "0», «b», «1» and «c». Incidentally, in 2009, with the appearance in the query language of "Google" operator «inurl:» experts warned that in the first place hackers will appreciate its advantages, which will pick up sites that use repetitive engines with known vulnerabilities.
So in this case fell under the distribution of customers of online stores that use the script WebAsyst Shop-Script. Naturally, the extreme in this case is not found. The owners of online stores charge "Yandex" that his robots poke your nose where you should not. "Google" says that just does its thing, and blame the site owners do not provide safety information.
Suspicion fell a set of services "Google." Supposedly all the affected sites were on board this "snake". Finding your way is difficult, but nevertheless the search engine Google, which has the same operator «inurl:», personal information will not allow extradition.
But be that as it may, and the rescue of drowning - the handiwork of drowning. And his own drowning, too. Users are much easier to work attackers. For example, in the search results on that same terrible request, I found a page that allows a person to check the status of your order. Field "Order Number" and «E-mail» had already been filled. In order to get detailed information requested log - enter your last name.
It seems to be good. But e-mail address look like familiya_imya@mail.ru! Naturally, after entering this very site helpfully opened family me complete information about the order. Yes and no very obvious addresses of the form "chto-to@mail.ru" easy to calculate the surname. Enough, for example, simply make a search of this address on the Internet or access social networking "My World". For this you need only to address my.mail.yahoo / mail / xxxxxx / xxxxxx replace this "something" from the address. Most probably we will get on your personal page owner. And this is not a burglary, the man himself posted it on public display. And as to the personal page you can find out almost everything.
Therefore, by registering on social networking sites, forums, online stores, remember - you disclose about yourself is often much more information than appears at first glance. And no one knows who to hit this information, and how he will use it. For example, it is not surprising that the employer did not take to the driver, who on a personal page tells us that not paying attention to traffic lights, even if he lives in does that, and just wrote nonsense. Therefore, adherence to a few simple rules simply need to:
1. Minimize the communication on the Internet. It is clear that for many this is tantamount to a smaller board to breathe. But in this case, we can reduce the risk to a minimum.
2. Limit the amount of personal information that is publicly available. Use aliases and nicknames that are not associated with a real name. It is especially important to teach this child.
3. Use multiple e-mail address: Separate - for business and personal correspondence, separately - a public address (for forums, shopping carts and so on). Public address must provide the minimum information about the owner.
4. For different accounts and services should use different passwords. If you remember many passwords is difficult, it is possible to develop a simple mnemonic rule. For example, this: my password - the word "spade", then the first three letters of the site address and the number corresponding to the length of the name of the site.
Naturally, all this should not replace but complement the use of antivirus software, firewalls and other tools in the arsenal of technical protection, which is powerless if the user himself puts personal information online.
0 comments:
Post a Comment