Ramblings of an old Doc
Published on April 11, 2011 By DrJBHL In Personal Computing

 

 

Stephen Chapman has made a startling find regarding personal info. You need to read his article:

http://www.zdnet.com/blog/seo/beware-social-security-numbers-available-online-via-indexed-tax-documents/2819?tag=nl.e539

You think he’s a hacker? No… this was freely available using a simple browser and simple search questions:

“Sadly, the 50+ documents I have made note of do not even begin to scratch the surface of what is actually available out there between all the types of search engines there are these days. To note, the results of my investigation are primarily based on just two very simple Web queries using just one search engine. Additionally, I tried other specialized search engines just to see what kind of results they would yield and the results were dumbfounding. I didn’t take the time to sift through them simply because I didn’t have to.”

It’s tax season, and for that reason, I’m posting only the conclusions he came to (and these are excellent recommendations!) and remember, your kids’ and wife’s SS numbers (etc.) are available on the tax forms! Imagine the damage possible. The kids won’t discover it for years!

His conclusions:

“1 - DO NOT STORE PRIVATE INFORMATION ONLINE! That’s about as cut-and-dry as it gets.

2 - If you must store private information online, then enable authentication which requires you to log in prior to being able to see and download the contents of a directory. Additionally, password-protect your files and change or encrypt file names so that they cannot show up in searches related to their file names or provide intrigue for potential intruders (i.e. if someone is digging around for tax information on your site and they see a file called “Tax-Information-2011.ppsx”, then they’re most certainly going to be sure to check out that file).

3 - If you find your information has been indexed in a search engine, remove your file(s) immediately from your Web site, then contact the search engine to have both the indexed and cached results removed. Don’t just remove the file(s) from your site, because someone could still view a search engine-cached version of the file(s).

4 - To see if your information has been compromised, check any and all logs from your Web site dating back to the day you placed the file on your site. If you see download activity on your file(s) from an IP address you do not recognize, then there’s a good chance your personal information has been compromised. Acceptance will undoubtedly be difficult, but it’s necessary to move forward with preventing further damage.

5 - If you suspect you have become a victim of identity theft, it may behoove you to obtain a credit report, sign up for credit monitoring, and reach out to your local FBI branch to report any findings you may have with regards to your personal information being stolen and utilized.”


Comments (Page 1)
2 Pages1 2 
on Apr 11, 2011

I would never... ever store data online, not even non-personal, non-sensitive data.  I have more than adequate storage within my PC and on external drives, so I would not consider for a fleeting moment to pay some company to do what I can already do but better.... and if I ever need more storage I'll simply buy another external HDD

Like an old mate used to say: "My name's Billy Sugger... NOT Silly Bugger.

on Apr 11, 2011

starkers
and if I ever need more storage I'll simply buy another external HDD

That is what I did. Safer, don't you think?

on Apr 11, 2011

starkers
"My name's Billy Sugger... NOT Silly Bugger."

on Apr 11, 2011

How many are out there? Zillions. That many opportunities for a thief. How many will actually 'not' put their info out there. Too late for that, its already there. As for me. I never did nor ever will do taxes on line. Why do something and pay for it when I can do it myself and only pay for the paper to do it on. Sadly every body and their mother is gonna jump all over this cloud based online stuff without so much as batting an eye. And they don't even know it.

on Apr 11, 2011

Wow!  Some people should have their brains checked for intelligence, that's for sure!

on Apr 11, 2011

You scared me with the headline!  And the article is good and timely.  But I thought you were talking about Turbo Tax, Carbonite or the IRS!  I trust them to at least try to be confidential. (not for anything else however).

One of the reasons I do not believe in cloud computing (for the individual - like MS Office 10) is for this very reason.  If I buy a service like Carbonite, I trust them to be honest in their presentation so that my documents are at least somewhat safe (nothing is fool proof after all).

on Apr 12, 2011

Well I never store any sensitive data online except username and passwords.

on Apr 12, 2011

I've recently deleted a lot of stuff I had on Google Docs, that didn't need to be there, and left the stuff that I didn't mind what happened to it, or was protected by a strong (both number of bits and algorithm strength) password system.  Especially with hard drives being so cheap (even external hard drives) it makes sense to back up all your important stuff onto the external drive (including things like Acronis drive images) and have that kept at another house, and for small files you want kept in another location to back up with a strong password on Google Docs or Dropbox etc.  It's about playing the percentages, and just as putting your whole life on Facebook is not a good idea, so is putting sensitive data that could cost you, onto a service that is largely controlled by someone else, not really a good idea either.  However I firmly believe that as time goes on, you do tend to get the more workable and sensible ideas doing the best in big systems and societies.

Btw: I think LastPass stores your username and password as a hashed blob, so they can't even be forced to give out your username and password, because there is never a stage they store it in plain text format on their systems.  The blob is enough to identify you, and you can even back up your LastPass account login with a printable "Battleship-type" grid (for example, what number or letter is in A6, E1, D10 etc, different co-ordinates each time) as secondary authentication, so unless you have already passed that test for a particular browser and made it preferred. you can't get in either.

I also use KeyScrambler.

Best regards,
Steven.

on Apr 12, 2011

I don't mind storing data in places like TurboTax and such but it seems the point is being missed here. At first I didn't get it but what the story says is that people are storing information on their site, say like I have a blogger site where I can upload files. This is not a safe place to put things. Now, if I use my skydrive I should not expect anyone to have any access to it except me or unless I give access to it.

on Apr 12, 2011

superman
Well I never store any sensitive data online except username and passwords.

That'd be like sliding down a 40 foot razor blade and squeezing your bum cheeks together as brakes.

Inevitably you're gonna get cut.

on Apr 12, 2011

That'll smart.

on Apr 12, 2011

Yeah, I think I get what is meant now by "Online Data Storage" ie. one's own web-site.

Best regards,
Steven.

on Apr 12, 2011

starkers
That'd be like sliding down a 40 foot razor blade and squeezing your bum cheeks together as brakes.

I'd rather floss with a chainsaw. LOL

on Apr 13, 2011


Quoting starkers, reply 10That'd be like sliding down a 40 foot razor blade and squeezing your bum cheeks together as brakes.

I'd rather floss with a chainsaw. LOL

Or perform an appendectomy on yourself with a butter knife.... or an enema with a fire hose.

I think my worry with online storage would be Google and its ability to meddle with your emails to insert target specific advertising, its ability to access pretty much EVERY website on the net... its ability to access the personal details of members of dating sites [ala my former brother-in-law] and create a search profile that anyone can read just by googling the name.

For me, Google is the red flag that prevents me doing stuff others might do online.  For example, searching for a bit of online smut [porn] to see what I might be missing out on because I don't want the schmucks at Google to know that I made inquiries about topless Dolly Parton pics. 

One day I might win a competition to meet her in person at 'Dollywood', and I wouldn't want it coming out over morning tea that I did that because Google stored my searches for future reference.

I mean, my fantasies should be my own, right? 

OOPS  

on Apr 13, 2011

starkers
Google to know that I made inquiries about topless Dolly Parton pics.

One day I might win a competition to meet her in person at 'Dollywood', and I wouldn't want it coming out over morning tea that I did that because Google stored my searches for future reference.

Dream on Pirate!  Dolly is having tea with me!

2 Pages1 2