Jan 12, 2007

I Could Have Been a Hacker Today

I've posted a few times about new innovations in the Web 2.0 space, one of which is the web-based operating system. Essentially these programs provide a desktop-style interface that mimics what you see on your PC or Mac. They have considerable promise for mobile professionals and more. Here's the downside. If you're not careful you could be exposing yourself to the world of web bad guys. If your blog is enrolled in Feedburner, there's a nifty little stat tool that shows "unusual uses" of your blog. I clicked on an "unusual" link and was taken to the home page of a "Protopage" user. Protopage is one of several new "Web OS" companies developing the aforementioned application. The tabs at the top of this OS user's page were entitled Stuff, Blogs, XTra and Client Notes. Assuming the inbound link to my blog came from "Blogs", I clicked the link and a really cool interface that had select RSS feeds came up. Sure enough, there was the Feedburner subscription link to this blog. Cool.

Since I had never really looked at a Protopage site in detail, I decided to tool around a bit. I clicked "Client Links" and was shocked at what I saw: three clients listed with user names and passwords to gain access to 3 different web servers, one of which was a MySQL database server. Not Cool.

After looking at a couple of other links it was apparent that the private portion of this user's site was anything but. It had a complete set of links to the user's bill payments; every credit card company, utility and more was listed. It's just too much information to hang out there for potential identity thieves. Security issues often get blamed on the development world, when in fact many of the issues lie with the end user's responsibility to use basic precautions to protect themselves. As the world of Web 2.0 gains traction, the connected consumer will have to rely on remote servers for much of what they have previously done on their local PC. Here's hoping we can all do a better job of keeping that data reliable and secure, developers and users alike.


3 Comments:

Anonymous Andre said...

Hi Mike,

Could you do us a favour please and let us know which page it is using our support form here.

We allow public, private and shared tabs, and they have obviously accidentally set their private tabs as public. We'll contact them to let them know.

Thanks very much in advance for your help and for mentioning us in your article.

1/12/2007 2:17 PM  
Blogger Michael Price said...

Andre,
I am amazed at how quickly you found this post and responded to it. I did as you requested and sent the link. I think the guy is showing his private notes by accident. Anyhow, you should have the link. Keep up the good work.

1/12/2007 2:29 PM  
Anonymous teresa@tboardman.com said...

Wow! I have to go now and check my Feedburner unusual uses. I remember looking at a company web site several years ago and finding a link to their shared server which was loaded with all of the internal documents used in their business.

1/12/2007 4:15 PM  
