Guard Privacy & Online Security News & Information


March 10, 2008 20:09 - Google Hacking Becomes Easier With New Tool

What is "Google hacking"? It isn't about hacking into Google's website; it refers to a sophisticated searching technique used to uncover flaws in the way Web sites handle confidential details, such as public files containing passwords and credit card numbers, and clues about the vulnerability of the site's own servers.

Thanks to a program that automates what has typically been a lot of manual labor, this has now got a lot easier.

The Cult of the Dead Cow (cDc) hacker group has released this open-source tool, called Goolag Scan. They say it is designed to enable IT workers to quickly scan their Web sites for security vulnerabilities and at-risk sensitive data, using a collection of specially crafted Google search terms. The group has acknowledged that the tool could also be used by malicious attackers to look for vulnerable Web sites.

The process of so-called Google hacking is already well known, largely due to the efforts of Johnny "I Hack Stuff" Long, whose presentations on the subject have become a fixture at conferences such as Black Hat. cDc's Goolag Scan allows unskilled hackers or the simply curious to use the same techniques.


March 19, 2008 21:24 - Phorm... The New Threat To Our Privacy

Sir Tim Berners-Lee, Father of the Internet, has raised privacy concerns about web tracking systems, as major British internet service providers, including TalkTalk, BT and Virgin, consider adopting a web tracking service provided by a company called Phorm.

Phorm offers personalised advertisements for customers by tracking their web surfing, which could radically alter advertising on the internet.

A report commissioned by Phorm and carried out by two respected privacy campaigners said sensitive user data should not be collected by the tool. Phorm has said e-mails, credit card details and information on secure websites would not be tracked and analysed.

But the interim privacy impact assessment report, written by Simon Davies and Gus Hosein of 80/20 Thinking Ltd, said the company should go further, stating: "Information from websites and queries regarding sexual content, political preferences, medical health, racial origin should be blocked from processing."

Sir Tim said it was fundamental that a web surfer's browsing history belonged to him, and not the ISP. He said, "It's mine - you can't have it. If you want to use it for something, then you have to negotiate with me. I have to agree, I have to understand what I'm getting in return."

Further criticism came from The Foundation for Information Policy Research, an influential UK think-tank, which has sent an open letter to the Information Commissioner, Richard Thomas, stating that Phorm is illegal in Britain.

It is the view of the Foundation that Phorm's system would leave the ISPs open to class action suits and charges of processing data illegally. Furthermore, under Europe's comprehensive data protection laws, the use of such a system requires the explicit permission of individual customers using an "opt-in".

Even more significantly, it says "the Phorm system will be 'intercepting' traffic within the meaning of Section 1 of the Regulation of Investigatory Powers Act 2000. In order for this to be lawful then permission is needed from not only the person making the web request but also from the operator of the web site involved (and if it is a web-mail system, the sender of the email as well)."

Does this mean we have some protection against this nasty agglomeration of covert surveillance and corporate greed? I'll keep you updated.

