Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Searching For Trouble With Google

timothy posted about 10 years ago | from the dirty-deeds-done-dirt-cheap dept.

Security 506

achilles writes "From a recent eWeek article: 'Whether they realize it or not, many people leave sensitive information out in plain view on Web sites. But sooner or later, a Google search will dig it up.' The article goes on to list some examples such as 'a search for credit card numbers. Try this one, for "Visa 4366000000000000..4366999999999999' and other 'risky data' from careless users, such as QUICKEN files etc."

cancel ×

506 comments

Sorry! There are no comments related to the filter you selected.

Nothing wrong with this... (2, Funny)

Cytlid (95255) | about 10 years ago | (#10126856)

...it's called natural selection. Survival of the fittest... if people are that dumb to put stuff on the internet, so be it.

Re:Nothing wrong with this... (5, Informative)

stromthurman (588355) | about 10 years ago | (#10126879)

This may be seen as a nitpick, but it's actually an important point. It's survival of the "fit", not fittest. Evolution is about being *good enough*, not the best.

Re:Nothing wrong with this... (5, Funny)

chrish (4714) | about 10 years ago | (#10127030)

c.f. Microsoft's success in computer software.

Re:Nothing wrong with this... (-1, Offtopic)

It'sYerMam (762418) | about 10 years ago | (#10127051)

Disproof: "The fittest 50% of the population survived."

Re:Nothing wrong with this... (5, Insightful)

psyklopz (412711) | about 10 years ago | (#10126901)

It often has very little to do with *you*.

It quickly becomes your problem if you have done business with someone else and *they* are stupid enough to leave stuff in plain view.

It would be nice if we knew that everyone we did business with was intelligent enough not to do this, but realistically we probably can't

Re:Nothing wrong with this... (5, Insightful)

HeghmoH (13204) | about 10 years ago | (#10126994)

It would be nice if we could switch away from totally unverified financial transactions like the current credit card systems, and start using something that at least requires a PIN. That way, instead of having to trust every single company with which I do business, I only have to trust my bank.

Re:Nothing wrong with this... (1)

Short Circuit (52384) | about 10 years ago | (#10127074)

You mean like my debit card? It uses's Mastercard's infrastructure, and asks for a PIN.

Re:Nothing wrong with this... (1)

pjt33 (739471) | about 10 years ago | (#10127006)

This is why I don't use my credit card on the Web. I'd rather be paranoid and have to buy everything in shops than try persuading my credit card company that I didn't make those purchases totalling whatever my current credit limit is.

Re:Nothing wrong with this... (4, Insightful)

Yorrike (322502) | about 10 years ago | (#10127086)

Ask your bank for a second Credit Card with a few hundred dollar limit. Use that to buy stuff online, and if someone steals it, it won't cost you that much.

Re:Nothing wrong with this... (4, Interesting)

WIAKywbfatw (307557) | about 10 years ago | (#10127012)

I'll second that. A little over a month ago, a letter was sent to me but went missing in the post. That letter contained my full name, address and National Insurance number (similar to a US Social Security number).

That lost letter contains more information than I'd give out to anyone who's not an authorised government official (policeman, doctor, etc). Through no fault of my own, and despite my vigilance (I shred and burn every bit of correspondence that has my name and address on it, let alone financial or other personal details) that information is now potentially in the hands of someone unscrupulous.

If anything untoward were to happen, I have virtually no recourse, as it would be nigh on impossible to actually prove where my details were obtained and (as far as I know) it's impossible to get a new NI number: I'm stuck with the one that's issued to me at 16 until the day I die.

Re:Nothing wrong with this... (4, Insightful)

liquidpele (663430) | about 10 years ago | (#10126922)

The credit card thing is why I say my card was lost and get a new number every year... but quicken files? Come one people, you're making this too easy! What happens when Nigeria figures this out?

Re:Nothing wrong with this... (2, Insightful)

Scoria (264473) | about 10 years ago | (#10126942)

I realize that this was intended to be a joke; however, it is likely that many of these credit card numbers were derived from a malicious application. Although one might argue that anybody inexperienced enough to execute a malicious application is also "deserving," I have often observed that those individuals are -- perhaps ironically -- averse to conducting electronic transactions.

Re:Nothing wrong with this... (1)

xQx (5744) | about 10 years ago | (#10126953)

Actually Darwin called it "Survival of the best fit", not the fittest.

Re:Nothing wrong with this... (4, Interesting)

nial-in-a-box (588883) | about 10 years ago | (#10126972)

Yea except these are the idiots that will also sue Google and try to take them down because of their own mistakes. If you're in some sort of struggle with an idiot, you'll be ok, but may God help you if that idiot has a halfway decent lawyer.

Re:Nothing wrong with this... (1)

leonmergen (807379) | about 10 years ago | (#10127078)

Really ? Sounds kind of odd to me that a company that behaves as a medium between viewer and content, that provides a quick and easy way to find the content that is already there, gets sued for the content they don't even provide...

... unless you mean google cache, that might be a tricky one

Re:Nothing wrong with this... (1)

Short Circuit (52384) | about 10 years ago | (#10127094)

That's a risk Google takes by being a search engine.

Actually, that's a risk any business takes when they get as much attention as Google does.

Re:Nothing wrong with this... (2, Informative)

itsme (6372) | about 10 years ago | (#10127002)

none of the links found are from people who purposely put it online them selves, all you find are irclogs/hacker boards, where people exchange stolen card numbers.

Re:Nothing wrong with this... (1)

Raven42rac (448205) | about 10 years ago | (#10127024)

The fact is that people didn't put that there, it is merchants or others putting other people's information out there in the open. And mods/admins, how responsible is it to post specific numbers like that that easily lead to links of names and addresses. I certainly would not want my personal information out there like that. That is very wreckless, never something I thought I would see from such smart people.

Re:Nothing wrong with this... (2, Insightful)

lachlan76 (770870) | about 10 years ago | (#10127033)

I've accidently put my IM logs on the internet. Sometimes it can be easy enough to make a mistake (ie. deny,allow rather than allow,deny). A shitload of private stuff got out to everyone I know (I'm 14, so I have to be with these people a lot of the time), and now I use GnuPG with a 4096-bit key, and digest authentication.

You don't have to be dumb to make mistakes like this, a single typo can do it. Being dumb just helps.

My favourite.. (4, Funny)

Haydn Fenton (752330) | about 10 years ago | (#10127098)

"index of /admin" site:.gov

Pwned!

this was on cryptome (5, Informative)

jabella (91754) | about 10 years ago | (#10126857)

This was on bugtraq a week or two ago:

Check it out [securityfocus.com] and there was a discussion of it a few days later.

Someone actually has a whole forum dedicated to finding things you can do with google here. [ihackstuff.com]

Apparently this was even a DEFCON speech subject.

Re:this was on cryptome (3, Informative)

Anonymous Coward | about 10 years ago | (#10126965)

Someone actually has a whole forum dedicated to finding things you can do with google here.

Another good site is searchlores.org [searchlores.org]

It doesn't limit itself only to Google.

I blame the Google Toolbar for a lot of this (5, Informative)

twoshortplanks (124523) | about 10 years ago | (#10126861)

It used to be the case that If you put something temporarily in a directory on your webserver (that didn't have indexes turned) on you could simply give the URL of the file to a couple of people to have a quick look at and not have to worry about putting a password on the file. Because it wasn't linked from anywhere unless someone could guess the URL then no-one else wouldn't be able to find it.

This is no longer the case. The Google toolbar reports home to Google about sites people visit. Within a couple of minutes of someone viewing a URL that was private and only meant for them with a browser with the google toolbar installed the googlebot will come along to the site and grab the file for indexing. Nasty if you're not expecting it.

Re:I blame the Google Toolbar for a lot of this (4, Insightful)

makapuf (412290) | about 10 years ago | (#10126880)

Which in the long run is a good thing, because people will then use real security, and if it is not easy enough to set up, some solutions will emerge.

In the long run, thus, we'll have real security and ease of use.

Re:I blame the Google Toolbar for a lot of this (5, Interesting)

RsG (809189) | about 10 years ago | (#10126981)

Not to troll, but "real security and ease of use"? That's a contradiction in terms. Any system thats easy to use is almost certainly easy to crack (hint, the crackers have as easy a time as the user). Any secure system usually requires long passwords, encryption keys or something equally challenging. If your users keep their passwords the same for all systems, or have accessable copies to remind them, then the system isn't secure (remember last week when Gabe Newall's forum accounts got hacked because he used the same friggin password and it was easy to guess?)
If you mean security through obscurity then you're describing the current situation on the net, but the article states that Google is removing the obscurity aspect by making the entire net accessible. We no longer have any kind of assurance than a given nook or cranny is too obscure to bother with.
I agree that people shouldn't leave their personal data lying around, but to simply assume that the general public can adopt security measures that we, the /. crowd, consider adequate and easy to use is silly. What we need is internet education (the do's and do not's for the clueless).

on the right track, except for... (1)

ecalkin (468811) | about 10 years ago | (#10127056)

A lot of people can't/won't learn. I cross paths with people who don't want to know a damn thing about computers, they just want you use them.

I think the future model that works is that people will have to get 'experts' to do the tough stuff. Security, performance, reliability, etc. Everything the saleweasel said was automatic.

eric

Re:I blame the Google Toolbar for a lot of this (1)

It'sYerMam (762418) | about 10 years ago | (#10127095)

"That's a contradiction in terms."

Well, not really. If you think about it, the whole point of a password, which is very easy to use as long as you remember it, is that it's not easy for a cracker to get hold of it. Sudo is easy to use, but you still can't use it without enabling it, which requires the root password.
Ease of use is relative. Having to log out and log in as root to perform the tiniest administrative task is not ease of use, but it's no more secure than using su.

Re:I blame the Google Toolbar for a lot of this (5, Informative)

Max Romantschuk (132276) | about 10 years ago | (#10126890)

The Google toolbar reports home to Google about sites people visit. Within a couple of minutes of someone viewing a URL that was private and only meant for them with a browser with the google toolbar installed the googlebot will come along to the site and grab the file for indexing. Nasty if you're not expecting it.

Nasty? Yes.

But then again, as far as I know Google does respect robots.txt. It's not hard to make a robots.txt file to exclude whatever dir you wish to use for temporary private viewing.

And it's not that hard (on Apache servers) to make an appropriate .htaccess file either.

Re:I blame the Google Toolbar for a lot of this (5, Informative)

xQx (5744) | about 10 years ago | (#10127003)

The only problem with that is that hackers have a tendency not to respect robots.txt .. in fact, it's a great index of stuff to have a look at on public websites.

Re: additionally (2, Informative)

BitterAndDrunk (799378) | about 10 years ago | (#10127067)

A post like the grandparent highlights the gap between tech savvy and those who aren't.

Guess what - someone who isn't a /. reader is:

Probably the ones most vulnerable to Google mining (for lack of a better term)

The ones least likely to know what a robots.txt is, what it does, and how to utilize it to prevent stuff like this.

/. readers for the most part are paranoid and cautious enough to minimize their risk of exposure on the net (even without robots.txt) - it is the group of users (increasing every day mind you) who are semi-literate and don't have the time or inclination to become well versed in security on the net. And really, who can blame them? Most of them don't embrace computers the way many here do and view them as a necessary evil that can occasionally help them find pornography.

Re:I blame the Google Toolbar for a lot of this (1, Informative)

AndroidCat (229562) | about 10 years ago | (#10127082)

But do hackers have access to the information snitched by the Google Toolbar? If not, then there might be no easy way to crawl to those pages. (No links from visible pages, no dir listings.)

Sure, the page is still there and accessible, but there's a difference between groping for it in the dark and having Google spotlight it.

Re:I blame the Google Toolbar for a lot of this (1)

Sepodati (746220) | about 10 years ago | (#10127055)

But then you just google for the robots.txt file and have a looksee at what people are trying to hide!! :) ---John Holmes...

Re:I blame the Google Toolbar for a lot of this (1)

Roofus (15591) | about 10 years ago | (#10126899)

Did you try the Google search? Most of the sites listed there were actually forums where people were posting lists of credit card numbers/personal information.

And even before the Google toolbar, putting up sensitive information on an unlinked page was never a smart thing to do. Just use an .htaccess file and password protect it for christ sakes.

Re:I blame the Google Toolbar for a lot of this (1)

halowolf (692775) | about 10 years ago | (#10126908)

Its certainly not a new problem. The poor design of the shared directory selection in Morpheus and other P2P apps certainly led more than a few people to share their entire hard drives.

Many internet users don't seem to understand what risks they have on their computers in exposing sensitive information. Hopefully education and a few high profile blunders will make people realise was risks they may have and take appropriate action.

More and more it looks like people really should get a license before using the internet :)

Re:I blame the Google Toolbar for a lot of this (4, Informative)

jsebrech (525647) | about 10 years ago | (#10126956)

This is no longer the case. The Google toolbar reports home to Google about sites people visit. Within a couple of minutes of someone viewing a URL that was private and only meant for them with a browser with the google toolbar installed the googlebot will come along to the site and grab the file for indexing. Nasty if you're not expecting it.

If you want to share something without google indexing it, there are many strategies you can use, all outlined [google.com] on google.com itself.

Google does not index anything you have not allowed it to.

The problem is people putting private information in a public forum, not someone indexing that private information.

Re:I blame the Google Toolbar for a lot of this (2, Interesting)

TheViciousOverWind (649139) | about 10 years ago | (#10127009)

The same problem actually exists with lots and lots of files...

Try out these searches on Google: Lots and lots of people is reckless with their data.

Re:I blame the Google Toolbar for a lot of this (3, Funny)

Ancil (622971) | about 10 years ago | (#10127013)


srv1(~)% cat /var/www/html/robots.txt
User-agent: *
Disallow: /
srv1(~)#

Re:I blame the Google Toolbar for a lot of this (5, Funny)

WoofLu (459652) | about 10 years ago | (#10127081)

whoa, your `cat` utility seems to get you to a root shell ^^

maybe it's a new security hole? q:

Re:I blame the Google Toolbar for a lot of this (3, Funny)

5E-0W2 (767094) | about 10 years ago | (#10127089)

The rest of your security is still pretty bad though. By the looks of your prompt you just got a root shell by catting your robots.txt.

Quicken files (4, Insightful)

Space cowboy (13680) | about 10 years ago | (#10126863)

I feel sorry for 'Haley' and others with their Quicken files being shown to all of /. and presumably friends etc. I wonder what the 'reach' of the slashdot crowd is when it's a "You're not going to believe this!" story...

Simon

Re:Quicken files (2, Funny)

ImaLamer (260199) | about 10 years ago | (#10127048)

What I'm wondering is....

Can I mirror these files on my web site?

I've downloaded a few but don't plan on doing anything dirty. Maybe I'll send out a few letters telling people that they should watch what they post on-line

I can see the reponse:

"Honey, do you know anyone named 'ImaLamer'?"

"No dear"

"Well, he or she claims that your bank information is online"

"Must be some sort of scam sweetie, toss it"

FBI use? (4, Insightful)

SynKKnyS (534257) | about 10 years ago | (#10126864)

Looks more like Google found forums where people were swapping credit card numbers.

First Post (-1, Offtopic)

Anonymous Coward | about 10 years ago | (#10126866)

eom

Priceless (4, Funny)

Killjoy_NL (719667) | about 10 years ago | (#10126871)

Good thing I've got a Mastercard then :)

Re:Priceless (1)

EdZ (755139) | about 10 years ago | (#10127047)

It works for mastercard too. Just replace Visa with Mastercard in the search.

What I'm more surprised by (4, Interesting)

suso (153703) | about 10 years ago | (#10126876)

is that you can search for ranges of numbers like that in google. That's pretty neat.

Re:What I'm more surprised by (1)

dr_labrat (15478) | about 10 years ago | (#10126973)

Its so "neat" and surprising that Google even document it!

http://www.google.com/help/refinesearch.html

Cool!

Re:What I'm more surprised by (5, Informative)

phreakv6 (760152) | about 10 years ago | (#10126980)

That feature has been here for sometime.If you want a list of all such obscure features
of google check this [google.com]

try this (4, Informative)

circletimessquare (444983) | about 10 years ago | (#10127014)

convert 29 fahrenheit to celsius

or

pi=

or

define: hubris

google's got neat tricks [google.com]

Googledorks (5, Informative)

tb()ne (625102) | about 10 years ago | (#10126878)

I think there was a similar /. article a while back. Do a google search for "googledorks" to find out what additional kinds of data are accessible.

Liability (5, Interesting)

usefool (798755) | about 10 years ago | (#10126893)

Is Google liable for harvesting and publishing sensitive information? If neighbour's window wasn't closed, it doens't mean you can take his naked photo and put it on the website?

Also, maybe those numbers are traps to catch people? Surely you need those goods to be sent to an address and someone has to eventually pick it up.

Re:Liability (1, Informative)

Anonymous Coward | about 10 years ago | (#10126926)

They are not publishing anything. It was already published. Google just found it. Google should have NO liability whatsoever.

This does make it easier for me to search for MY credit card. I would never put my own in the search engine bar as the search would be cached in someone's computer. Now, I just put the range in to see if I am on some Russian mafia's list...

Re:Liability (1)

tuxter (809927) | about 10 years ago | (#10126955)

No, but if you see him accidentally in the mirror in your bedroom...

Re:Liability (1)

good(k)night (754537) | about 10 years ago | (#10126957)

true, but homepage isn't as closed as home in home, sweet home.
it's widely available.
anyone could enter it, including google.

the question is.. can I put his photo on the website, when he's lawnmowing naked (where everyone can see him).

Re:Liability (1)

DZign (200479) | about 10 years ago | (#10126985)

Can't answer on the liability issue..

However back in the day when Altavista ruled, they had a nice guide about this, linked to from their main page. Although it wasn't about cc numbers but sensitive corporate information. I remember reading a whole instruction page about searching for 'companyname confidential' and strings like that so you could find if they indexed something they shouldn't have and what to do about it.

Re:Liability (2, Insightful)

tb()ne (625102) | about 10 years ago | (#10127007)

Is Google liable for harvesting and publishing sensitive information? If neighbour's window wasn't closed, it doens't mean you can take his naked photo and put it on the website?

If a google search finds it then google is not publishing it; rather, google is simply providing a link to something that is already published. IANAL but, cacheing aside, all they are doing is providing a link to something that is already publicly accessible, so I don't see how they could be liable. The situation may be more complicated if the data were illegally published, later pulled from the web site, but remain in google's cache.

Re:Liability (0)

Anonymous Coward | about 10 years ago | (#10127032)

This isn't about my neighbour being naked at home. this is about my neighbour running naked up and down the street screaming "LOOK AT ME!". (and as far as braindead analogies go, Google is the sattelite that 's making detailed areal photo's)

only few matches (0)

Anonymous Coward | about 10 years ago | (#10126900)

There are only 23 matches for that search, most of which are dups!!! This is an artificial problem, which even if it existed, would have been problem of individuals who were retarded enough to post their credit cards in plain text on publicly accessible websites. Oh wait - they serve useful role in life - they serve as an example to others!

Re:only few matches (3, Interesting)

sigaar (733777) | about 10 years ago | (#10126999)

Only some of us are fortunate enough to learn from other people's mistakes. The rest of us has to be the other people....

Try phpMyAdmin (5, Interesting)

Anonymous Coward | about 10 years ago | (#10126904)

Very popular is the search for "Welcome to phpMyAdmin".

This will give you some nice databases to browse through.

Re:Try phpMyAdmin (2, Informative)

liquidpele (663430) | about 10 years ago | (#10126961)

Not just wide open dbs though...
A lot of small sites don't check for sql-injection for login info, and use root as the mysql user. yikes!

Re:Try phpMyAdmin (1)

phreakv6 (760152) | about 10 years ago | (#10127026)

that was a good try... but these people werent completely dumb though since there is a sweet authentication page which shows up here [u-psud.fr] ,here [polarhome.com] ,here [textmefree.com] ,here [jagunet.com] andhere [cf.ac.uk] :))

eBooks (2, Interesting)

upside (574799) | about 10 years ago | (#10127064)

Another good one is searching for copywrite phrases found on front pages of eBooks such as O'Reilly CD Bookshelves. People seem to put up their eBooks for their own convenience. OTOH publishers seem to be doing a bit of Googling of their own, as they tend to be taken down pretty soon. Nothing that a quick WGET won't handle...

Re:Try phpMyAdmin (1)

dapyx (665882) | about 10 years ago | (#10127070)

Also cool is searching for this stuff [google.com]

How many of you... (5, Funny)

curne (133623) | about 10 years ago | (#10126905)

How many people dug out their own visa cards and googled for the number ? :-) I managed to stop
myself.

Re:How many of you... (1)

MasterDirk (659057) | about 10 years ago | (#10126977)

I must admit, I came pretty close before my own right got to its senses and smacked me in my forehead.

Ah, the dangers of drunk surfing...

Re:How many of you... (0)

Anonymous Coward | about 10 years ago | (#10127004)

Just do the first 8 digits.

Re:How many of you... (5, Funny)

Dr. Hok (702268) | about 10 years ago | (#10127096)

If you are worried about privacy, give me your visa number and I google for you. This will hide the connection between your name and the number.

This is supposed to be wrong? (2, Insightful)

Epistax (544591) | about 10 years ago | (#10126906)

Having google blocked (presumably from google's end) from this is just security through obscurity. Well it's not even that really, it means there is (1) stuff available in plain text which is a part of a website's (2) public access AND (3) for one reason or another has searching enabled. The problem is part 1 and/or 2, the symptom is 3. Cure the problem, not the symptom.

Re:This is supposed to be wrong? (1)

truz24 (800762) | about 10 years ago | (#10126990)

You are 100% correct. But I think the general consensus here is that Google should cover their tracks so they do not get in trouble, or get hassled. In my opinion, they should keep tabs on data exploits like these and remove them. But I do agree, the people that have this data should be responsible. I mean hell, all they have to do to keep google out is use robots.txt...

Address (1)

Satertek (708058) | about 10 years ago | (#10126907)

If you google your (or someone elses) phone number, you can search for your address.

Was kinda scary the first time I trired it.

Re:Address (1, Interesting)

Anonymous Coward | about 10 years ago | (#10126991)

But Google provides a link to remove your number and address info. And it works.

N.O. has a nice article on google searches also. (2, Interesting)

generalbeard (675699) | about 10 years ago | (#10126911)

Not getting just credit cards, but other nice little things.. New Order [neworder.box.sk]

Same for SSNs (4, Informative)

bcarl314 (804900) | about 10 years ago | (#10126913)

Just tried google for a SSN search as well. Same thing, you get a list of results within that social security number range, along with names, and addresses.

I just can't figure out why people would be victim to identity theft.

Politics will be very different in twenty years... (1)

Short Circuit (52384) | about 10 years ago | (#10126916)

...as a result of blogs. The stuff I've posted in my various blogs would pound me to a paste in any sort of political election.

For now, it'll only be the foolish adult politicians who say things in their blogs that will come back to haunt them in their careers. Combine kids and blogs, and you'll have a public record of your childhood behavior.

Time to join the 21st Century (5, Insightful)

WallaceSz (643543) | about 10 years ago | (#10126919)

Information on the internet is publicly available. Google simply makes it easier for people to find publicly available material. Same for third party apps like Google Alert [googlealert.com] that allow you to search on a regular basis for certain terms.

Obfusacation may have allowed people to be sloppy with their data exposure until now. But that is no excuse for people being lax with their own data security.

The Internet is built by it's users. The responsibility for protecting data lies squarely with the users at the edges.

W00t! (5, Funny)

tgd (2822) | about 10 years ago | (#10126921)

Just ordered a computer that can actually play Doom 3!

Thanks Slashdot!

on the google link in this article... (2, Interesting)

generalbeard (675699) | about 10 years ago | (#10126927)

Check out the cached version of the third link and look in the text box. Hopefully it's not any of you... google link [216.239.39.104]

Terrifying (5, Interesting)

corby (56462) | about 10 years ago | (#10126929)

I had trouble believing this, so I downloaded one of the .QDF files from the referenced link. I am feeling completely sick. This guy's checking account number, credit card number, and meticulously-maintained transaction history are sitting on my computer.

It's way too late to warn these people about the files. Their current identity is toast. So is their credit for the next seven or so years.

Is there anything we can advise these people to do to minimize the damage at this point?

Re:Terrifying (1)

Sayonara (633825) | about 10 years ago | (#10126960)

Close their accounts and have their names legally changed? :o(

I clicked "show with omitted results" and only 23 links were returned (and most were for the same resources). It's reassuring that out of the millions of people using the web, only a mere handful are naive or ignorant enough of the risks to do this.

check this out ! (1)

phreakv6 (760152) | about 10 years ago | (#10126931)

Hoping to find thousands of results i did this [google.com] ;)

A couple more fun examples: (5, Funny)

Anonymous Coward | about 10 years ago | (#10126933)

Sweet! (1)

sigaar (733777) | about 10 years ago | (#10126936)

Now I can afford that new notebook after all!

I've always liked this one... (1)

ImaLamer (260199) | about 10 years ago | (#10126950)

I believe it was covered on Slashdot before...

However search Google for cool stuff like:

"Index Of" "My Documents" "Last Modified" [google.com]

You can see plenty of people's documents, about 1300 or so results.

Linux is less fun:

"Index of" "/etc" "Last Modified" [google.com]

What can you do with this though [gray-world.net] ?

Re:I've always liked this one... (1)

ImaLamer (260199) | about 10 years ago | (#10126976)

Found a cool "guide" to these types of things:

http://gray-world.net/etc/passwd/googletut1.txt [tinyurl.com]

(BTW, the last link I posted above is a honey pot for those of you still trying to do something... he he)

The funniest part... (4, Funny)

Fortress (763470) | about 10 years ago | (#10126963)

of the VISA/Google search is that VISA is a sponsored link. Kind of like Microsoft advertising on a website that bashes it for its security holes...wait a minute...

News indeed (0)

Anonymous Coward | about 10 years ago | (#10126984)

This is EXTREMELY old news, shame on you, timothy [monkey.org] for approving this story!

FYI, there has been so much discussion going on about this topic in all sorts of forums that what you are likely to find on Google now using such queries is discussions on this topic rather than actual credit cards numbers or other sensitive info.

new type of google alert (1)

Jimmy The Tulip (770323) | about 10 years ago | (#10126988)

a new type of google alerts should be released that will inform about these things, that a new google exploit is released and you should do something!! do google care about these things?

What the hell is this?? (0)

Anonymous Coward | about 10 years ago | (#10126992)

From google's cache:
[cached from saigonchat.org] [64.233.179.104]

Looks like a list of poor bastards who have had their CC info stolen and posted for all to use.

Yay, no more mortgage! (0)

Anonymous Coward | about 10 years ago | (#10127011)

Thanks Slashdot!

QUICKEN come on (0)

Anonymous Coward | about 10 years ago | (#10127015)

If you think searching for quicken files is scary, then try Access Databases [google.com] especially poor fools who have left the fpdb directory open (why put a private database in the websites directory structure anyway).

Google auto index? (2, Funny)

Sharp Rulez (799059) | about 10 years ago | (#10127016)

I sought for my credit card number on Google.. Is Google indexing our search key words?? Doh!! Now everybody can find my creditcard!

Trouble (-1, Troll)

Anonymous Coward | about 10 years ago | (#10127017)

... looks pretty sweet [google.com] to me :-)

You just KNOW... (1)

ScytheBlade1 (772156) | about 10 years ago | (#10127021)

From the google search linked, there's a reason that those forums are crawling. Actually, mine is still trying to connect to the server.

Lot of /. geeks gotta get their pr0n, after all.

Thank god of google's caching. (0)

Anonymous Coward | about 10 years ago | (#10127031)

Just in case a website decided to take an offending page down, google's cache is there to the rescue.

The sad thing... (4, Insightful)

Sinistar2k (225578) | about 10 years ago | (#10127041)

The sad thing is that now people will be Googling for their credit card numbers to be sure they're 'safe', but doing so means their credit card number will show up in the list of things people are Googling.

Free music (1)

Mr_Silver (213637) | about 10 years ago | (#10127045)

Don't tell the RIAA but searching for:

"Index of" mp3 [google.com]

gives you access to rather a lot of files. You can also replace mp3 with various other suffixes for added fun.

Don't forget that removing the filetype and including "site:yourdomain.com" will allow you to quickly check if any of your folders are visible to the world that shouldn't be.

I'm safe!!! (0)

Anonymous Coward | about 10 years ago | (#10127057)

None of my credit cards numbers begins with '4366'!!! ;-)

Introducing... (4, Funny)

Gleng (537516) | about 10 years ago | (#10127079)

Norton DumbWall 2004

Featuring:

  • VisaBlock: Keep your credit card information off of the Internet
  • NoShare: Safeguard your banking details and MP3s from prying eyes
  • PackAway: If you're deemed to be too stupid to own a computer, Norton DumbWall 2004 will format your hard drive and arrange for one of our qualified technicians to come over to your house and take your computer away. It's for your own good.

Order now and get a free drool-bib.

Dammit! (5, Funny)

beaverbrother (586749) | about 10 years ago | (#10127092)

Thats my credit card number!
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>