March 12, 2004

Do you know where your sensitive files are? Google does.

"Googling Up Passwords" points out that Google's spiders crawl web server error messages and other misconfigurations just as easily as they crawl real content. For simple sites, like mine, there's not really an issue. Static HTML doesn't yield much of interest. For complex sites, like Amazon and eBay, there is a phalanx of security experts waiting to pounce upon and patch the latest bug (perhaps not an entire phalanx, but those sites can and must afford security experts). But for the small workgroup web server, probably running MS products (for ease of use, convenience and training reasons), having such a detailed examination of the server available by keyword search is a disaster.

I often think of computers and cars in the same light. Automobiles were difficult to operate, prone to breaking down, and expensive during the early years of the 20th century. However, eventually, the technology standardized, the industry consolidated, and the car became a fundamental part of (American) life. Computers have only been accessible to common folk since the 1950s, so it's not fair to demand the same level of reliability. Yet, how much more protean is the computer than the automobile? It took decades to get air bags installed and seat belts worn. How long will it take before folks have the same level of visceral, unconscious understanding of the perils of the computer?

