"for official use only" or "U//FOUO" brings up interesting results. The PDF "U//FOUO Sovereign citizens extremist ideology" by the FBI was a good read; so were all the recent internal Interpol reports about all their weapons that have been "misplaced" or stolen.
Uh. Unless I'm mistaken, that particular inmate pleaded guilty and was convicted of 937 various counts raised against him, including murder and rape. He kidnapped three women (in 2002, 2003 and 2004) and kept them imprisoned in his basement for nearly 11 years during which time he did horrible, unspeakable things to them.
IANAL, but typically CFAA violations revolve around crafting special URLs, as in a forced browsing attack. Simply following a URL is, AFAIK, not (yet) a crime.
This is pretty interesting. One did say "Not for Public Release UNTIL", so could presumably be intended, but in a lot of cases webmasters probably didn't think something would be found and indexed by Google wherever they put it. And were wrong.
This is a great example of the house of cards all our network systems are built on top of.
Imagine this scenario: you maintain a network of web servers, database servers, file servers, etc. They all combine to generate a large website used by tens of millions of users every month. One day you are just doing a cursory look over a certain server, but you see something strange. Someone is logged in to your server. And they have a Russian IP address.
What do you do? Obviously, the first step is you log in to your edge routers and null route all of Russia. GTFO. Next, you've got an idle session on one server. What were they doing?
How can you reconstruct what they were doing? bash history? maybe. Network forensics? Your network probably isn't recording every historical connection between servers—99.9999% of the time useless—but critical in this case. File system access? Your file system probably isn't logging every historical access—useless 99.99999% of the time—but would be really freaking useful in this case.
So, you investigate their history, double check some database logs, check netstat, check lsof, and in the end, you really have no idea what they were doing at all. Our systems don't leave enough breadcrumbs around to reconstruct even interior hostile activities, much less semi-intelligently disallowing Google to not index confidential information when accidentally left exposed.
When you decide to buy something for $x instead of paying someone who knows what they are doing to implement something with proper standards for $5x, it shows on things like this.
They should at least have set an owner password for these documents. (In practice, they are not effective at preventing people from disregarding the limitations that you set on the document, but at least it'll exclude documents from indexing, at least by Google.)
ErikRogneby | 10 years ago
_tjry | 10 years ago
yellowapple | 10 years ago
Forbo | 10 years ago
http://www.hackersforcharity.org/ghdb/
mindcrime | 10 years ago
https://www.google.com/search?q=not+for+public+release+filet...
or
https://www.google.com/search?q=top+secret+filetype:pdf+site...
and
https://www.google.com/search?q="five+eyes"+filetype:pdf+sit...
etc.
pakled_engineer | 10 years ago
snehesht | 10 years ago
oskarth | 10 years ago
https://www.google.com/search?as_q=&as_epq=not+for+public+re...
(The above is sarcasm).
rthomas6 | 10 years ago
Mahn | 10 years ago
strictnein | 10 years ago
ryanlol | 10 years ago
PeterWhittaker | 10 years ago
Less than a month old? A single screenful, mostly Australian.
maudineormsby | 10 years ago
maudineormsby | 10 years ago
shanemhansen | 10 years ago
_tjry | 10 years ago
rohan404 | 10 years ago
pdxandi | 10 years ago
rusbus | 10 years ago
jdavis703 | 10 years ago
ck2 | 10 years ago
ikeboy | 10 years ago
ChuckMcM | 10 years ago
Kind of makes me want to take Geology there, sounds like a fun place.
cvsv | 10 years ago
misiti3780 | 10 years ago
schoen | 10 years ago
feld | 10 years ago
ocdtrekkie | 10 years ago
seiji | 10 years ago
gcb0 | 10 years ago
unsignedint | 10 years ago
r3bl | 10 years ago
Sure, it's weak, but at least it won't be accessible through Google.
peterwwillis | 10 years ago