Date: Thu, 12 Apr 2007 09:00:19 -0400
From: <neal.krawetz@....hush.com>
To: <full-disclosure@...ts.grok.org.uk>
Cc: 
Subject: Let's Winnuke Google!

For more than a decade, privacy advocates have been concerned about
the information collected by public search engines. All of their
concerns were realized last year, when AOL released nearly a
quarter million search requests performed on their search engine.
Although the data did not have IP addresses or user names, it did
contain AOL tracking numbers. These allow people to match queries
to users, and in many cases, identify individuals.

Although AOL quickly removed the data, their reaction was too late.
The data has been mirrored and is widely available.

It seems that Google has begun to respond to privacy concerns. One
common belief is that Google has saved every query from every IP
address ever made on their massive system. In the official Google
blog, they mentioned taking some steps to protect individuals'
privacy. As reported by Network World magazine:

    Google will alter cookie information and change the last eight
    bits of the 32-bit IP addresses that identify computers logged onto
    the company's search engine.

Wow... So they will reduce the identity from one IP address to a
possible 256 IP addresses. <sarcasm>Gee, that sounds secure to
me.</sarcasm> Considering that IP addresses can be used to identify
a very specific region, and that all 256 possible addresses are
likely in the same part of the same city, identifying individuals
would actually be easier with Google's data than with AOL's data!
(AOL only gave a unique tracking number, not the country or city
information that can be derived from an IP address.)  I doubt that
Google is a private company that generates revenue off of their
targeted advertising expertise, and there is absolutely no
legitimate value in this information to anyone.  While it is
acceptable to ignorantly profile based on ethnicity and
nationality, it is not acceptable to analyze marketing statistics
based on geographic location.  No good can come from this!

I am a huge privacy advocate, and strongly encourage readers of
this article to start using The Electronic Frontier Foundation's
TOR for anonymity's sake, to prevent evil corporations like Google
from generating revenue off their otherwise free service to you,
the casual netizen.  However, please do not use TOR to read my
blog! I must know the location of each blog reader, since I am such
a huge Internet privacy advocate!  :-)

Adding to the humor of this less-than-secure solution, Google's
blog says:

    Our engineers are already busy working out the technical
    details, and we hope to implement this new data policy over the
    coming months (and within a year's time).


I think we should help Google solve this problem. Which do you
think is more secure?

    * 192.168.15.x
    * 192.168.15.xx
    * 192.168.15.xxx
    * 192.168.15.xxxx
    * 192.168.15.xxxxx
    * 192.168.15.xxxxxx
    * 192.168.15.xxxxxxx
    * 192.168.15.xxxxxxxx
    * 192.168.15.xxxxxxxxx
    * 192.168.15.xxxxxxxxxx
    * 192.168.15.xxxxxxxxxxx
    * 192.168.15.xxxxxxxxxxxx
    * 192.168.15.xxxxxxxxxxxxx
    * 192.168.15.xxxxxxxxxxxxxx
    * 192.168.15.xxxxxxxxxxxxxxx
    * 192.168.15.xxxxxxxxxxxxxxxx
    * 192.168.15.xxxxxxxxxxxxxxxxx
    * 192.168.15.xxxxxxxxxxxxxxxxxx
    * 192.168.15.xxxxxxxxxxxxxxxxxxx
    * 192.168.15.xxxxxxxxxxxxxxxxxxxx
    * 192.168.15.xxxxxxxxxxxxxxxxxxxxx
    * 192.168.15.xxxxxxxxxxxxxxxxxxxxxx
    * 192.168.15.xxxxxxxxxxxxxxxxxxxxxxx
    * 192.168.15.xxxxxxxxxxxxxxxxxxxxxxxx
    * 192.168.15.xxxxxxxxxxxxxxxxxxxxxxxxx

or, perhaps:

    * 192.168.15.abcdefghijklmnopqrstuvwxyz ?

Send your fecal excretions to Privacy Matters, c/o Google Inc.,
1600 Amphitheatre Parkway, Mountain View, California, 94043, USA.

And remember, "Do No Evil" is not the same as "Don't Act Stupid",
and certainly not the same as "Don't Fuck Fat Chicks".

- - ^d0c_n34l^ [HFG/gH/ILF/ACiD/MoD/TaMU]


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
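
An added example, not part of the original post: it applies the quoted "last eight bits" truncation to a constructed query log and counts how many distinct clients actually share each truncated address, since 256 is only the upper bound. The sample addresses (documentation ranges), the queries and the function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log: (client IP, query). Addresses are RFC 5737
# documentation ranges, not real clients.
SAMPLE_LOG = [
    ("192.0.2.17", "knee surgery recovery"),
    ("192.0.2.17", "pizza near elm street"),
    ("192.0.2.44", "used car prices"),
    ("198.51.100.9", "divorce lawyer"),
    ("198.51.100.9", "apartment listings"),
    ("203.0.113.200", "weather"),
    ("203.0.113.201", "weather"),
    ("203.0.113.202", "train times"),
]

def truncate_last_octet(ip: str) -> str:
    """Zero the last eight bits of an IPv4 address, as in the quoted policy."""
    net = ipaddress.ip_network(f"{ip}/24", strict=False)
    return str(net.network_address)

def anonymity_sets(log):
    """Map each truncated address to the distinct original addresses behind it."""
    buckets = defaultdict(set)
    for ip, _query in log:
        buckets[truncate_last_octet(ip)].add(ip)
    return dict(buckets)

def report(log):
    """Return {truncated address: (k, queries)}; k is the observed set size."""
    queries = defaultdict(list)
    for ip, query in log:
        queries[truncate_last_octet(ip)].append(query)
    return {net: (len(ips), queries[net])
            for net, ips in anonymity_sets(log).items()}

if __name__ == "__main__":
    for net, (k, qs) in report(SAMPLE_LOG).items():
        # k == 1 means the truncated record still maps to a single client,
        # and all of that client's queries remain linked under one key.
        print(f"{net}/24  k={k} (upper bound 256)  queries={qs}")
```
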
