More Saving. More Doing. More Exposure.

FrgMstr

Just Plain Mean
Staff member
Joined
May 18, 1997
Messages
49,868
If you recall, back in 2014 Home Depot "allowed" 56 million of it customers' credit card information to be stolen. Apparently now you don't even have to "hack" into Home Depot to get some of its customers' information, Home Depot will just put it online for everyone to see. Just because you know how to use a hammer apparently does not qualify you to run an online business. Whodathunkit?


The internet address that hosted these spreadsheets — along with one random document containing a scanned printout of a customer’s name, address, and signature — was part of the HomeDepot.com domain; and all the files there were unencrypted, unprotected, discoverable by search engines (several of the email addresses listed, when typed into a Google search, surfaced the documents), and completely accessible to the open internet.
 

lcpiper

[H]F Junkie
Joined
Jul 16, 2008
Messages
10,611
Not saying that the info wasn't accessible but I am really wondering about the Google search claim. I put together a website once and then I tried to test it and see if it would show up on a search, nada, zip, nothing. The only way I was able to find that site was if I searched for the url of the site itself. That was a .... what was that website hosting company that made it all so easy? I don't remember, but it was popular and if you didn't pay them to boost your search rating no one would find your site.
 

FrgMstr

Just Plain Mean
Staff member
Joined
May 18, 1997
Messages
49,868
Not saying that the info wasn't accessible but I am really wondering about the Google search claim. I put together a website once and then I tried to test it and see if it would show up on a search, nada, zip, nothing. The only way I was able to find that site was if I searched for the url of the site itself. That was a .... what was that website hosting company that made it all so easy? I don't remember, but it was popular and if you didn't pay them to boost your search rating no one would find your site.
High profile domains get the big spiders...
 

M76

[H]F Junkie
Joined
Jun 12, 2012
Messages
10,671
Not saying that the info wasn't accessible but I am really wondering about the Google search claim. I put together a website once and then I tried to test it and see if it would show up on a search, nada, zip, nothing. The only way I was able to find that site was if I searched for the url of the site itself. That was a .... what was that website hosting company that made it all so easy? I don't remember, but it was popular and if you didn't pay them to boost your search rating no one would find your site.
I remember when I used to run some small websites it took weeks for them to show up in search engines.
 

haste.

[H]ard|Gawd
Joined
Nov 11, 2011
Messages
1,651
God if only you guys knew the true number of breaches... EMV has successfully hampered the ability of large retailer breaches, but fraud just shifted. Plus all the mid-sized breaches that didn't get announced. The amount of CAMS (compromised account) alerts that come thru these days is amazing.
 

ccmfreak2

Limp Gawd
Joined
Jul 27, 2009
Messages
318
One local university near me had a similar leak years ago - over 5,000 names, addresses, ssn, and other sensitive info was put on a student-worker's network drive, which was outward facing and crawled by Google. They'd sat out there for a literal year. It was discovered after the head of IT searched her social security number to see what would come up and this document came up with her and thousands of other's info.

Her response to this leak? To their knowledge, this file hasn't been accessed by anyone else.
To your knowledge? To your knowledge, the file didn't even exist on the web for a year!

These kind of stories is a constant reminder that people are the weakest link in maintaining security.
 

dandirk

[H]ard|Gawd
Joined
Jun 5, 2004
Messages
1,831
You really need to either use a specific credit card or some other form of payment like paypal to insulate your self a bit.

I have had my card compromised twice, both caught inside of a week and corrected less than a week after.

I now only use a credit card for everything, my risk is my limit. My GF goes even further and uses a bank card from an account she purposefully moves money into.
 

lcpiper

[H]F Junkie
Joined
Jul 16, 2008
Messages
10,611
There was a time back when I was in the Army mostly back in the 80s when soldier's social security numbers were posted right out in the open for anyone to walk by and see, or take. that was before the day when everyone had digital cameras so even if photos were taken, they are hard to find on the internet, but here is an example from a Civil Air Patrol document.



Documents like these were posted outside on builtin boards or in hallways outside offices.

This pic is an excellent example of what I mean about how these documents were posted for anyone to see.

 
Last edited:

Spidey329

[H]F Junkie
Joined
Dec 15, 2003
Messages
8,682
I remember when I used to run some small websites it took weeks for them to show up in search engines.
The crawler has to find the site and then crawl through it if you don't explicitly tell it. That could be a while.

Only takes an hour or so if you use the search providers tools and tell them to crawl it (it's in Google's Webmaster toolkit).
 
  • Like
Reactions: Kwaz
like this

leezard

Supreme [H]ardness
Joined
Aug 24, 2004
Messages
4,695
Not saying that the info wasn't accessible but I am really wondering about the Google search claim. I put together a website once and then I tried to test it and see if it would show up on a search, nada, zip, nothing. The only way I was able to find that site was if I searched for the url of the site itself. That was a .... what was that website hosting company that made it all so easy? I don't remember, but it was popular and if you didn't pay them to boost your search rating no one would find your site.
It takes more than just putting a website online to get it listed in google searches. Google has to know the site exists before it can index it. One way for Google to find your site is to have links to it from other relevant sites that are already indexed and actively being crawled. You can also add it manually using Google webmaster tools.

Example, all of those links to other sites news/reviews on the [H] front page are a BIG boost to their search rankings
 

BioSehnsucht

Weaksauce
Joined
Oct 16, 2007
Messages
70
These days, Google also indexes sites/pages that Chrome uses have visited. So it's easy for it to attempt to crawl "unlisted" sites/pages, and pages it shouldn't be able to access like various admin paths that can only be accessed after logging in (or should only be able to be accessed ... )
 

lcpiper

[H]F Junkie
Joined
Jul 16, 2008
Messages
10,611
It takes more than just putting a website online to get it listed in google searches. Google has to know the site exists before it can index it. One way for Google to find your site is to have links to it from other relevant sites that are already indexed and actively being crawled. You can also add it manually using Google webmaster tools.

Example, all of those links to other sites news/reviews on the [H] front page are a BIG boost to their search rankings

All paid for when you buy that company's service. The site is supposed to be listed with all the major search engines. What was the name of that company? They Sponsored that female NASCAR driver for awhile.

It was GoDaddy.


but Kyle already addressed my comment from a different, yet more applicable manner as regards this topic.
 
Top