Personal Information Leak
I was exposed to a bunch of very interesting blogs written by people considered to range from above average to brilliant. The blogs were quite interesting and I was losing hours reading them during the daytime on weekdays!
The blogs themselves were very good and in English. They were created in mid-2004 and, though not updated very regularly due to personal reasons quoted in the blogs, have been updated quite a few times. As mentioned before, the authors themselves (even though I do not know them personally) at least don't sound stupid.
As I was reading through one of the blog entries, I found that at one point it had supported anonymous comments even without the CAPTCHA requirement for commenters. But it later corrected both, and the comment spam reduced almost completely.
Coming to the crux of this blog entry, there was a serious security flaw. The blogs had accumulated an enormous amount of personal information over the months. Though instinctively the authors have always made an effort not to make dangerously personal information public, they had obviously overlooked the fact that they have in fact made public a lot of their personal information, amortized over about 50 articles of various sorts.
The personal information I was able to filter out includes, but is not limited to:
1. Dates of birth of the author and other family members
2. The family members and their gender, names and pet names
3. Industry, occupation and education
4. Friends and their details
5. Her/His regular eating habits, sleeping habits, commute to work
6. Marital status
Making public a large part of the set of personal information is a serious problem. The problem is made much more difficult to solve because many people have grown fond of writing blogs, and also encourage others to write blogs with content that similarly leaks information. They all fail to see that the accumulation of a string of such small leaks could potentially be exploited by any entity for malicious reasons.
I could not really think of anything to do but show them that they have a problem and that they need to look at it, by posing as a psychopath commenting on their blog. I hope this document is valid proof of my intentions. Apologies in advance to the parties concerned.