Join 3,512 readers in helping fund MetaFilter (Hide)


Security is for Suckers
September 6, 2006 10:38 PM   Subscribe

The Best Hiding Place is Right Out in the Open?
Yes, its a simple Google search. But it returns confidential pdf's and pages from all over the internet. Business plans, powerpoint presentations and other naughty bits exposed to, well, anyone who finds it.
Oops.
posted by fenriq (49 comments total) 2 users marked this as a favorite

 
"not for public release"
posted by Kickstart70 at 10:46 PM on September 6, 2006


Oops, indeed.
posted by Stunt at 10:48 PM on September 6, 2006


It's a neat idea, I saw this on www.boingboing.net this morning and spent a half-hour or so looking through search results, but it seems in practice that for anything that's actually "do not distribute", there are dozens of other things that read along the lines of: "The policy states that documents are to be marked 'confidential - do not distribute'".

The most interesting thing I found in my cursory travels was the counsellor rules for a prison counselling program for girls: counsellors are told to keep anything the girls say confidential, and do not distribute condoms.
posted by aeschenkarnos at 10:49 PM on September 6, 2006


Now I can finally build my very own whatever this thing is.
posted by tepidmonkey at 10:51 PM on September 6, 2006


"secret underground lair"
posted by trinarian at 10:51 PM on September 6, 2006


powerpoint pitches best left behind closed doors. I feel for those who gave these presentations.

"secret underground lair"
there's the reason I haven't seen any furries around lately.
posted by carsonb at 10:57 PM on September 6, 2006


That's wonderful. People have this naive belief that links they don't deliberately publicize won't get spidered. But sooner or later it's quite likely a search engine will find it -- in someone's public referrer log, or because you didn't disable directory listings, or somewhere down in the long, unedited history of an email message that eventually found its way onto a publicly archived mailing list.

If you must put something on the web that you don't want made public, you have to secure it using honest-to-god access control (which is not exactly difficult). But even then, somebody may just lose track of a copy which gets posted somewhere public.
posted by George_Spiggott at 11:03 PM on September 6, 2006


Wow... if Im not mistaken thats the final schematic for a nuclear warhead trigger mechanism...either that or a Dairy Queen soft whip dispenser...:::turns schematic over:::
posted by Muirwylde at 11:03 PM on September 6, 2006


I once got a job from someone who googled an old, unlinked resume of mine, hosted on a backwater ISP that I'd forgotten about entirely, and called me up. Nothing is safe, though in that case it was a good thing.
posted by jimmythefish at 11:20 PM on September 6, 2006


This result is particularly ironic.
posted by squalor at 11:32 PM on September 6, 2006


I don't know about posting google searches. But I'd love to see "Secret Underground Lair" vs. "Not for Public Release" deck it out over at googlefight. In fact.... here.
(the results are shocking!)
posted by punkbitch at 11:33 PM on September 6, 2006


oy! what fun... but thanks for hours of joyful browsing...
posted by infini at 11:40 PM on September 6, 2006


Ninjas long have known the best place to hide is out in the open. Or as... cheerleaders. Whichever one. They're both good.


posted by damn dirty ape at 11:49 PM on September 6, 2006


"company confidential" works decently as well... I've been limiting by PDF.

I'll say I'm a bit disturbed by how many items I was afraid to click, overall.
posted by VulcanMike at 12:05 AM on September 7, 2006


In my experience, every document template in every large company on the planet contains some mention of confidentiality.
posted by coelecanth at 12:26 AM on September 7, 2006


...although my survey isn't totally complete.
posted by coelecanth at 12:31 AM on September 7, 2006


inurl:CgiStart?page=Single
axis inurl:view/index.shtml
posted by Sukiari at 12:51 AM on September 7, 2006 [1 favorite]


OMG Bunny! (page 12)
posted by orthogonality at 1:10 AM on September 7, 2006


NOFORN
posted by orthogonality at 1:17 AM on September 7, 2006


Not to spoil the fun, but the first search hit is also linked from the official company site, so it is probably to be considered declassified.
posted by Herr Fahrstuhl at 2:04 AM on September 7, 2006


Google Hacking database is what you meant to post.
posted by about_time at 4:46 AM on September 7, 2006


I'll say I'm a bit disturbed by how many items I was afraid to click, overall.

Oh come on, take some chances. Hold on, someone knocking at the door ...
posted by itchylick at 5:02 AM on September 7, 2006


If you are a programmer "proprietary source code" is also good for a few laughs.
posted by localroger at 5:53 AM on September 7, 2006


thats the final schematic for a nuclear warhead trigger mechanism...either that or a Dairy Queen soft whip dispenser

They are one and the same. In the final moments before an atomic blast individuals at ground zero are treated to delicious soft ice cream treats.
posted by CynicalKnight at 6:14 AM on September 7, 2006


punkbitch:

I win!!
posted by trinarian at 6:22 AM on September 7, 2006


Daddy, what's a Oingo Boingo?
posted by davy at 7:18 AM on September 7, 2006


Is this really a link to "something cool on the web"? If it was a link to an article about this (apparently) common security flaw, maybe; as it is, this is only a link to a google search which will inevitably change over time.
posted by yhbc at 7:49 AM on September 7, 2006


Sukiari: "inurl:CgiStart?page=Single
axis inurl:view/index.shtml
"


Wow, that's neat. I just watched some guy buy something in a hardware store.
posted by mindless progress at 8:11 AM on September 7, 2006


electronics store. If I was that guy I'd totally wear a chicken suit.

Lazyweb: someone needs to make a fake security cam that is actually a flash video that shows aliens landing in the background or something.
posted by craniac at 8:21 AM on September 7, 2006


Heh, i love net voyeurism!
guinea pig cam!
posted by TechnoLustLuddite at 8:37 AM on September 7, 2006


Once, a long time ago, I worked for a company that did some contract work for a large blue computer firm. We were working on a product that hadn't been released yet, and all the documentation was stamped "BLUE CONFIDENTIAL: DO NOT DISTRIBUTE".

When the product was released, staff from Blue arrived, counted our "confidential" documentation to make sure it was all accounted for, shredded it, and gave us new documentation which was identical except that it was NOT stamped confidential.

This obviously eliminates the problem of trying to determine if they really want that "confidential" document linked to the company home page or not.
posted by djfiander at 8:46 AM on September 7, 2006


Re: not exactly difficult Posted by George_Spiggott

And there is always <meta name="Robots" content= "noindex, nofollow">
posted by Schroder at 8:48 AM on September 7, 2006


Is this really a link to "something cool on the web"?

Yep, it is. I, for one, would like to form my own opinions about things instead of reading regurgitated pap from media hacks all the time.
posted by Kickstart70 at 8:55 AM on September 7, 2006


Is this really a link to "something cool on the web"? If it was a link to an article about this (apparently) common security flaw, maybe; as it is, this is only a link to a google search which will inevitably change over time.
posted by yhbc


You're right--it can't be cool unless I know from someone else what to think.

On preview--what Kickstart70 said.
posted by leftcoastbob at 9:14 AM on September 7, 2006


You're missing my point, which was not that anyone needs to be told what to think, but that this post breaks the posting guidelines.
Make sure you're linking to something on the web. If you're posting a generalized question to the audience, or posting a comment as a main thread, either find an appropriate mailing list, or use MetaTalk.
My question was rhetorical - it is not a link to "something cool on the web" (which is another quote from the posting page), but an example of a google search. Although it may warrant discussion, it does not belong here.

Sorry I confused both of you by trying to be polite and not derail the thread. I won't make that mistake again.
posted by yhbc at 9:40 AM on September 7, 2006


Oy, I was waiting for this to show up on the blue. One of my clients has a PDF in the first page of search results, and we had a little chat shortly after the BB article went up about how "with FTP access comes great responsibility".

"The policy states that documents are to be marked 'confidential - do not distribute'".

This was true in my client's case, and the "confidential" materials were actually part of a very public press campaign some years ago. We think the document in question had been linked via a news posting at the time (laziness on PR's part, or an inability to generate a "clean" PDF).

On the plus side, they hit their daily average of hits for the day before 10am.
posted by Sangre Azul at 9:46 AM on September 7, 2006


When the product was released, staff from Blue arrived, counted our "confidential" documentation to make sure it was all accounted for, shredded it, and gave us new documentation which was identical except that it was NOT stamped confidential.

As was explained to me many, many, many, many, many (you have no idea how many more manys I could conceivably write here and not be exaggerating) whilst I worked there, when maintaining a confidential documents policy it's just as important to ensure that non-confidential information is not marked confidential as it is to ensure that confidential information is marked as such. It had to do with lawsuits over trade secrets or industrial espionage or somesuch.
posted by jacquilynne at 11:08 AM on September 7, 2006


Now I can finally build my very own whatever this thing is.

Check those plans again. They responded.
posted by oraknabo at 11:34 AM on September 7, 2006


Adding "site:.gov" is an interesting variation. A lot of the searched documents are just policies about confidential documents. But not all of them.

Now I can finally build my very own whatever this thing is. - tepidmonkey

Check those plans again. They responded. - oraknabo

At least they have a sense of humour about it. Some managers would go on some kind of crusade about how the internets are ruining civilisation.
posted by raedyn at 12:30 PM on September 7, 2006


Sorry I confused both of you by trying to be polite and not derail the thread. I won't make that mistake again.

Actually the flaw was in your use of the word 'article', which was even emphasized in italics. If you hadn't used that, we wouldn't have assumed that you wanted an article, thinking that it was better than linking to a Google search.

</desnark>
posted by Kickstart70 at 12:43 PM on September 7, 2006


I'll see your NOFORN and raise you a WNINTEL.
posted by longbaugh at 2:15 PM on September 7, 2006


I got a kick out of the sponsored ad:

Sponsored Links
Protect Confidential Data.....

posted by x_3mta3 at 4:01 PM on September 7, 2006


very clever post
posted by kozad at 4:53 PM on September 7, 2006


I don't think google searches are categorically excluded from "something cool on the web".

unless....uh, what do you mean by "something"?
posted by carsonb at 7:15 PM on September 7, 2006


Check those plans again. They responded.
Feh. I was hoping they'd added a "Hobnostic Defrosticator" or "Framistat" label.
posted by lekvar at 7:36 PM on September 7, 2006


So I take it no one found anything really freaky, eh?
posted by five fresh fish at 8:06 PM on September 7, 2006


Just that photo of you naked with a wombat, fff. Otherwise, nothing good.
posted by caution live frogs at 9:55 PM on September 7, 2006


A wombat? Good. S'alright, then.
posted by five fresh fish at 8:39 AM on September 8, 2006


That was no wombat, that was my wife!
posted by davy at 6:53 PM on September 15, 2006


« Older Battlestar Galactica: The Resistance....  |  In New Zealand at Ferrit you c... Newer »


This thread has been archived and is closed to new comments