More Saving. More Doing. More Exposure.

Discussion in 'HardForum Tech News' started by FrgMstr, Apr 28, 2017.

  1. FrgMstr

    FrgMstr Just Plain Mean Staff Member

    If you recall, back in 2014 Home Depot "allowed" 56 million of its customers' credit card information to be stolen. Apparently now you don't even have to "hack" into Home Depot to get some of its customers' information, Home Depot will just put it online for everyone to see. Just because you know how to use a hammer apparently does not qualify you to run an online business. Whodathunkit?


    The internet address that hosted these spreadsheets — along with one random document containing a scanned printout of a customer’s name, address, and signature — was part of the HomeDepot.com domain; and all the files there were unencrypted, unprotected, discoverable by search engines (several of the email addresses listed, when typed into a Google search, surfaced the documents), and completely accessible to the open internet.
     
  2. lcpiper

    lcpiper [H]ardForum Junkie

    Not saying that the info wasn't accessible, but I am really wondering about the Google search claim. I put together a website once and then I tried to test it and see if it would show up on a search, nada, zip, nothing. The only way I was able to find that site was if I searched for the URL of the site itself. That was a .... what was that website hosting company that made it all so easy? I don't remember, but it was popular and if you didn't pay them to boost your search rating no one would find your site.
     
  3. FrgMstr

    FrgMstr Just Plain Mean Staff Member

    High profile domains get the big spiders...
     
  4. M76

    M76 [H]ardForum Junkie

    I remember when I used to run some small websites it took weeks for them to show up in search engines.
     
  5. haste.

    haste. [H]ard|Gawd

    God if only you guys knew the true number of breaches... EMV has successfully hampered the ability of large retailer breaches, but fraud just shifted. Plus all the mid-sized breaches that didn't get announced. The amount of CAMS (compromised account) alerts that come thru these days is amazing.
     
  6. ccmfreak2

    ccmfreak2 Limp Gawd

    One local university near me had a similar leak years ago - over 5,000 names, addresses, SSNs, and other sensitive info were put on a student-worker's network drive, which was outward facing and crawled by Google. They'd sat out there for a literal year. It was discovered after the head of IT searched her social security number to see what would come up and this document came up with her and thousands of others' info.

    Her response to this leak? To their knowledge, this file hasn't been accessed by anyone else.
    To your knowledge? To your knowledge, the file didn't even exist on the web for a year!

    These kinds of stories are a constant reminder that people are the weakest link in maintaining security.
     
  7. dandirk

    dandirk [H]ard|Gawd

    You really need to either use a specific credit card or some other form of payment like PayPal to insulate yourself a bit.

    I have had my card compromised twice, both caught inside of a week and corrected less than a week after.

    I now only use a credit card for everything, my risk is my limit. My GF goes even further and uses a bank card from an account she purposefully moves money into.
     
  8. lcpiper

    lcpiper [H]ardForum Junkie

    There was a time back when I was in the Army, mostly back in the 80s, when soldiers' social security numbers were posted right out in the open for anyone to walk by and see, or take. That was before the day when everyone had digital cameras, so even if photos were taken, they are hard to find on the internet, but here is an example from a Civil Air Patrol document.

    [IMG]

    Documents like these were posted outside on builtin boards or in hallways outside offices.

    This pic is an excellent example of what I mean about how these documents were posted for anyone to see.

    [IMG]
     
    Last edited: Apr 28, 2017
  9. Spidey329

    Spidey329 [H]ardForum Junkie

    The crawler has to find the site and then crawl through it if you don't explicitly tell it. That could be a while.

    Only takes an hour or so if you use the search provider's tools and tell them to crawl it (it's in Google's Webmaster toolkit).
     
  10. SamuraiInBlack

    SamuraiInBlack [H]ardness Supreme

    Fuck Home Depot. Can't wait for the company to burn to the ground.
     
  11. leezard

    leezard [H]ardness Supreme

    It takes more than just putting a website online to get it listed in Google searches. Google has to know the site exists before it can index it. One way for Google to find your site is to have links to it from other relevant sites that are already indexed and actively being crawled. You can also add it manually using Google webmaster tools.

    Example: all of those links to other sites' news/reviews on the [H] front page are a BIG boost to their search rankings.
     
  12. BioSehnsucht

    BioSehnsucht [H]Lite

    These days, Google also indexes sites/pages that Chrome users have visited. So it's easy for it to attempt to crawl "unlisted" sites/pages, and pages it shouldn't be able to access like various admin paths that can only be accessed after logging in (or should only be able to be accessed ... )
     
  13. lcpiper

    lcpiper [H]ardForum Junkie


    All paid for when you buy that company's service. The site is supposed to be listed with all the major search engines. What was the name of that company? They sponsored that female NASCAR driver for a while.

    It was GoDaddy.


    But Kyle already addressed my comment from a different, yet more applicable manner as regards this topic.