Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Hackers Go Googoo Over Google

From: Dave Farber <dave () farber net>
Date: Thu, 10 Apr 2003 19:44:42 -0400

------ Forwarded Message
From: Will Doherty <wild () eff org>
Date: Wed, 09 Apr 2003 11:22:00 -0700


Hackers Go Googoo Over Google

CHICAGO (HIPAA Wire) Just when you thought it was safe to take a dip in the
warm sea of electronic information sharing & along comes a PHI predator.

Google: Millions of Americans use the search engine every day for
information on virtually any topic on the planet. So, who wouldve thought
that such a useful resource could have become a tool for hackers who want a
glimpse into our medical files?

Well, thats exactly what appears to have happened, according to industry
sources. For instance, Wired.com last month described how hackers had used
Google to infiltrate other computer networks that lacked proper security
procedures. And some say that search engines like Google enable hackers to
identify easy targets susceptible to security breaches.

The American Medical Associations amednews.com reported April 7 that some
databases use templates and canned phrases that Web search engines can pick
up. For example, in one case hackers typed, select a database to viewinto
Google, a phrase that often appears in databases from FileMaker Inc.,
amednews.com says. The result: Google returned more than 200 database
listings in the search, and although most of those databases were secure,
several did have information accessible to hackers, amednews.com asserts.

The reason those databases were accessible is they contained passwords that
users hadnt changed when they received the system.

As an example of what hackers are capable of, amednews.com reports that
hackers accessed more than 5,000 neurosurgery patientspersonal and medical
information at Philadelphias Drexel University College of Medicine simply
by typing the name of the database product into the user ID and password
fields. While in this particular case, the hackers accessed Drexels records
solely as an experiment. The test did prove that such records could easily
fall prey to the unscrupulous.

To read the story in its entirety, go to:

    * 
<http://www.ama-assn.org/sci-pubs/amnews/pick_03/bisb0407.htm>wwwama-assn.or
g/sci-pubs/amnews/pick_03/bisb0407.htm




------ End of Forwarded Message

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: