BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

How Much of Your Data Can Be Found on the Web?

Posted June 1, 2010    Morey Haber

I came across another website that invades my personal privacy and makes my personal data available to anyone that searches my name. While the results are not 100% accurate, the amount of correct information returned is rather alarming.

What makes it more disturbing is that they provide a vehicle to remove your information and also try to solicit a vendor that helps remove your information.

This reminds me of fake antivirus programs trying to sell their product to mitigate a bogus threat, but in this case they actually know where I live!

My final insult to this invasion is that I do not want to be hidden from the internet. My livelihood depends on you finding this blog and other articles that I write so it is in my best interest not to try to hide my information, but I certainly want to hide personal data from websites like this.

So what’s a user to do? In all honesty, there is not much I can do. I own a home and therefore have a public record of my property, have been married, and therefore a license exists, and I exist on several social media websites. At this point in the game, nothing will erase me from the internet and remove my personal information except for a witness protection program.

So what’s the purpose of this blog? Simply to raise awareness that these sites exist and that if you participate in activities on the web, your data is available to sites like this as well.

To that end, I’ve compiled a quick list of sites for you to check your own exposure and request removal (if possible) as well:

This list is by no means complete. Paid sites like AutoTrack provide many more details, but some of the free ones listed above are just as eerie with the details they provide. If you doubt your privacy, take a look. If you’re worried, try searching with your children’s names; hopefully you get no data. Luckily, places like Spokeo will not publish information for minors if they can associate an age with the data. Once they hit 18 however, all their data is fair game.

Leave a Reply

Additional articles

How To Implement The Australian Signals Directorate’s Top 4 Strategies

Posted October 20, 2014    Morey Haber

The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate, has developed a list of strategies to mitigate targeted cyber intrusions. The recommended strategies were developed through ASD’s extensive experience in operational cyber security, including responding to serious security intrusions and performing vulnerability assessments and penetration testing for Australian government agencies. These recommendations…

Tags:
, , , ,
asp-mvc

Exploiting MS14-059 because sometimes XSS is fun, sometimes…

Posted October 17, 2014    BeyondTrust Research Team

This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology and given its wide adoption we thought we would take a closer look. Referring to the bulletin we can glean a few useful pieces of information: “A cross-site scripting (XSS) vulnerability exists…

Tags:
4bestpracticesaudits-blog

Four Best Practices for Passing Privileged Account Audits

Posted October 16, 2014    Chris Burd

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. Your process for delegating privileged access to desktops, servers, and infrastructure devices is a massive target for the auditor’s microscope. An audit’s findings can have significant implications on technology and business strategy, so it’s critical to make sure you’re prepared…

Tags:
, , , ,