googling credit card numbers

Interesting story about someone who happened to be happily googling about and ran across some lout’s hidden (albeit rather poorly) cache of stolen credit card numbers, along with other details:

I found more than that: login details to people’s web hosting accounts and e-commerce site memberships as well. It was really freaky to think it was all just staring at me, thanks to a flukey Google search. Nothing more complicated than that. (And no, don’t email me for the search details!)

For whatever reason, a hacker has broken into a number of sites and stored the resulting DB dumps into text files that Google came along and indexed, all because this guy’s site’s directories were set to display their contents when no default file is present.

To be honest I’m not all that surprised. The hacker in question probably had put the information on a location that may have only been partially commandeered, giving him or her a place to stash his loot but possibly not being able to block index listings. Anyway, goes to show once again that, no matter how safe anyone tells you their system is, there is always room for mistakes. The gentleman’s article, in that regard, provides some good advice to make sure that its not your credit card number that shows up on a google search.

Well, perpahs except for one:

So here’s the suggestion: search Google for your credit card number.

If I may be so bold as to disagree, I’d strongly discourage everyone from doing this. Not necessarily that someone at google will be salivating over the fact that you’ve just given up your credit card and will shortly be going to the nearest Fry’s to cash in (given their options, I imagine they could care less…), but rather because that same info will be going to google by way of any number of intermediaries in a completely unsecured, unencrypted form. Not that its a huge risk – the chance of someone who happens to be listening in to your particular transmission may well be low. Then again, it ain’t rocket science to set up a filter to pick out certain number patterns in internet traffic. I guess the only point is, why take the chance in the first place?

canadian hacker puts judge in prison

Odd where you find stuff and don’t find stuff. Noticed this story in The Inquirer. The nub:

The case was all started when a Canadian hacker Brad Willman broke into the judge’s Irvine home computer and discovered sexually explicit images of young boys and a diary that revealed Kline’s fantasies involving young boys. A subsequent police search of the Judge’s court computer revealed more images and more dodgy Web sites.

Kline is the judge in question. In Orange County. Apart from the irony of the situation I thought it was somewhat interesting that it didn’t (apparently) see much coverage in Canada, notwithstanding the origins of the hacker in question.