You’ve probably heard about the “Credit cards and Google cache” story. It’s obvious that it can happen again. Admins make mistakes; Google crawls data; it’s just a matter of time. But what else is lurking in Google?
People never stop dumping databases. Blackhats never stop searching. Let’s take a closer look at .gov websites.
Houston, we have a problem
There is nasa.gov website on second page. If you click a link you get the “You don’t have permission to access bla bla bla…” message.
But who cares?! We can get a copy from Google cache :}
Here is a big picture if you don’t get it.
Whoa! What does it mean? It means that cached pages can contain sensitive data – Google owns it. File is physically located on the Google server (209.85.129.132).
What’s inside? EDRN (Early Detection Research Network) data: names, phone numbers, emails, etc. But look carefully at URL again. What a hell is this “oodt.jpl.nasa.gov/repo”? Let’s do another search. … and we got a repository!
If I understand correctly, the basic components of Object Oriented Data Technology are open source, but you have to register (that’s what they think) to download them.
Collider black hole VS Google black hole
Believe me, super giant collider black hole will not destroy the World. Stupid admins and Google will do it.
Let’s get back to our search. You can find there a lot of FNAL (Fermi National Accelerator Laboratory) database dumps. And you don’t have to click “Cached” all the time – free access. Admins don’t care about sql, java, python, perl and other files. They don’t care about personal data (names, phone numbers, emails) of >2K scientists.
Have a nice weekend!
WARNING! AUTHOR DOESN’T TAKE ANY RESPONSIBILITY FOR YOUR ACTIONS. REMEMBER! DATA BELONGS TO ITS RESPECTIVE OWNERS. DON’T DO ANYTHING YOU’LL REGRET FOR THE REST OF YOUR LIFE!