An Overlooked Feature of Search Engines: "Google Hacking"

A recent article by Yuki Noguchi in the Washington Post ("Online Search Engines Help Lift Cover of Secrecy") serves to remind computer users that Internet search engines are able to find information considered by their creators and users to be confidential. As search engines have become more powerful and the Internet a richer source of information, a broad range of material not intended to be generally available to the public has become viewable by anyone with Internet access. The proliferation of Web-enabled databases means that anyone can gain direct access to templated pages, using commands which are employed in popular database software packages. In one example, a journalist gained access to a US university hospital database of 5500 patient records including patient names, addresses, phone numbers, biographies and detailed write-ups of diseases and treatments – simply by using a well-known search engine. Search strings including "xls" or "cc" often bring up spread sheets and credit card numbers linked to a customer list. Many such lapses could be prevented by basic security steps on the server on which sensitive data is stored – for example, by configuring an instruction sheet for search engine "crawlers" that will define what is off limits. For the full text of the Washington Post article, see: http://www.washingtonpost.com/wp-dyn/articles/A24053-2004Feb8.html. Summary by: Amy-Lynne Williams