Anjanesh

Assignment Statements, Comparisons & Observations
Font: Size: + -

Privacy = Security

Tuesday, December 12, 2006
What is our privacy level on the internet ? How secure are we on the internet ? Most of us who use the internet are unaware of privacy and security. You've often read of something like this when signing up : We'll never give your email address or disclose your personal information to any 3rd party member. Your privacy is very important to us - or something similar. And as a result, most of us sign up trusting whats written. There are two kinds of people who are overcautious of entering sensitive information over the internet : ones who use the net just for surfing and ones who know how the internet works to some technical level. The ones who use the net just for surfing are just browsin' around to kill time and/or checking mail. They wouldn't dare enter their credit card number for any reason what-so-ever and so they don't shop online. Ones who know the inner mechanisms may check for SSL certificate validity, safer browser, cookies etc. Not all sites can be checked manually, and hence arrived phishing protection. But the extent to which one can extract personal information from websites is not just limited to phishing techniques. Other factors like bad coding, poor Search Engine Optimization and allowing directory listing leading to holes in the website make it real easy for a surfer to extract information. If you are lead to a site (from a search engine) which has nothing related to what you want and has a whole lot of junk, you probably have entered a site that is SEOptimized real well. But Im not talking abt MFA related or similar sites. Im talking about genuine standard sites which have holes that lead to a breach in security and hence privacy (Im sounding like my old SJS math teacher !). An example of this is HRCapitol which seems to be a a job-placement company and has a form for a job-seeker to upload a resume. I don't know if they meant it to be searchable but it definitely shouldn't be. Check out http://www.google.com/search?q=filetype%3Adoc+site%3Awww.hrcapitol.com. You'll find around 163 resumes in Word DOC format which are available to the public and downloadable without any signing in ! For this reason alone, I would rather snail-mail my resume. Heres what it looks like today :
Click on the image for a very long result
As you can see, all these resumes are totally transparent. We can get all their personal information and...you guess. Incidentally, I came across this when searching for references of the name of the building in which I live in (moving permanently to another nearby building in Jan '07) !

0 comments: