Tech law GEEK

20060517

What vanity searches might tell you

Why should you run vanity searches on your name and your company or firm? Every once in a while you might find something is publicly accessible that shouldn't be. For example, I recently discovered a company (let's just call them "Ted's") posted what should have been internal vendor data on a publicly accessible page that was already cached by Google. "What, pray tell, could possibly be on those pages?" you might ask. Vendor names, key personnel information, application dates, DUNS info, revenue stats, and even their PASSWORDS. No encryption and no other security measures in place that would stop someone from following the Google link straight into their database access pages.

Not only was the data publicly visible, but anyone who happened to run across the site had the ability to approve and disapprove pending vendor applications and delete existing vendor records.

When your developers tell you your applications are secure, do you have someone else verify that's really the case? Maybe Ted's should.
