1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Google "hacked our website"

Discussion in 'Google' started by mariush, Jun 26, 2006.

  1. #1
    Google "hacked our website"

    School takes on the might of Google

    By Nick Farrell: Monday 26 June 2006, 07:31
    A SCHOOL board has won a temporary injunction against the search engine outfit Google.

    Judge Richard D. Boner (no really) issued the injunction in favour of Catawba County Schools which alleges conversion and trespass against Google.

    The schools claim that Google's search engine spider grabbed information they shouldn’t have and posted it on the Interweb.

    The data included the names, Social Security numbers and test scores of 619 students which are still available online when the page was removed by the schools.

    Catawba County Schools chief technology officer Judith Ray the information was stored in the system’s DocuShare server, which required a username and password to access. She said that one of the students on the list had a presence on the Web. Google’s web spider latched onto her name in this document.

    "We were not aware that password-protected sites are set up like that. To our knowledge, Google could only cache unsecure information that did not require a password or username," she said.

    A spokesGoogle said that it was impossible for its spider to bypass a password.

    http://www.theinquirer.net/?article=32637
    http://www.journalnow.com/servlet/S...5340&path=!localnews!newsvine&s=1037645509099
     
    mariush, Jun 26, 2006 IP
  2. Art

    Art Peon

    Messages:
    714
    Likes Received:
    17
    Best Answers:
    0
    Trophy Points:
    0
    #2
    I saw this previously but wasn't sure if anyone else had posted it. Can the Googlebot visit pages through passworded links? i.e. http://USERNAME:PASS@school.edu? Perhaps they should've found the initial access point where the spider managed to read all their knowledge.

    In all seriousness... is the Googlebot meant to be psychic? How does it know what to spider and what not to spider? The issue lies with the school's IT department and not Google. If a spider could get in... think about the people who want to get in.
     
    Art, Jun 26, 2006 IP
    irka likes this.
  3. NoobieDoobieDo

    NoobieDoobieDo Peon

    Messages:
    1,456
    Likes Received:
    53
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Ya, hacked implies steps were taken by hand out via an automatic program for the purpose of illegally gaining access to something.

    If you give me a link with the username/pass included it's a bit of a stretch to say I "hacked" it.
     
    NoobieDoobieDo, Jun 26, 2006 IP
  4. lorien1973

    lorien1973 Notable Member

    Messages:
    12,210
    Likes Received:
    602
    Best Answers:
    0
    Trophy Points:
    260
    #4
    lorien1973, Jun 26, 2006 IP
  5. latehorn

    latehorn Guest

    Messages:
    4,677
    Likes Received:
    238
    Best Answers:
    0
    Trophy Points:
    0
    #5
    I'm 100% on googles side this time.

    1. Googlebot doesn't hack session passwords, just stupid GET passwords
    2. In other case, use the robot.txt if you don't want some pages to get indexed.
     
    latehorn, Jun 26, 2006 IP
  6. Art

    Art Peon

    Messages:
    714
    Likes Received:
    17
    Best Answers:
    0
    Trophy Points:
    0
    #6
    Any school that employed an IT department that most likely set up their entire intranet but just so happened to use GET to pass their user/pass variables needs to fire their entire department.

    It sounds like their IT team messed up and threw the blame onto Google... some heads will roll when all is explained. Earning the ire of a massive corporation isn't my idea of fun.
     
    Art, Jun 26, 2006 IP
  7. Endurer

    Endurer Active Member

    Messages:
    1,113
    Likes Received:
    84
    Best Answers:
    0
    Trophy Points:
    90
    #7
    Right on the mark, latehorn!
     
    Endurer, Jun 26, 2006 IP
  8. Tara33

    Tara33 Peon

    Messages:
    612
    Likes Received:
    41
    Best Answers:
    0
    Trophy Points:
    0
    #8
    I was waiting for someone to make this point! Anyone should know that a robots.txt will keep the spiders out; regardless of Google supposedly not being able to get into password protected areas. I see this as the only sure way to have a case against Google for indexing pages, which are not supposed to be indexed - with an robot exclusion command.

    I think they can forget about legal action, and would be appalled if they actually got one cent from Google.

    I also think parents should have issue with their childrens' SS numbers and private information be (potentially) advertised on the Internet by school systems. They should assign them a student ID and relate only part of their SS# to that ID; or something. Putting their SS#'s on the Internet was stupid to begin with, whether the page was protected or not!
     
    Tara33, Jun 26, 2006 IP
  9. Dejavu

    Dejavu Peon

    Messages:
    917
    Likes Received:
    53
    Best Answers:
    0
    Trophy Points:
    0
  10. RH78

    RH78 Peon

    Messages:
    158
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    0
    #10
    I'd have to agree and say that Google is blameless on this one. The IT dept. is probably someone who is just the contact person for the company that set the LAN there in the first place.

    A simple robots.txt can do wonders.
     
    RH78, Jun 26, 2006 IP
  11. Endurer

    Endurer Active Member

    Messages:
    1,113
    Likes Received:
    84
    Best Answers:
    0
    Trophy Points:
    90
    #11
    It's like they are blaming google for their own mistakes. Poor parents having no clue of how the web works will easily get fooled. Someone tell those parents to sue this school for being irresponsible with data privacy & protection.
     
    Endurer, Jun 26, 2006 IP
  12. The Webmaster

    The Webmaster IdeasOfOne

    Messages:
    9,518
    Likes Received:
    717
    Best Answers:
    0
    Trophy Points:
    310
    #12
    Its not google's fault.

    The school board should have been more carefull about their own security.
    Google dont read POST data/Sessions.
    There must be a loophole in the school's security.
     
    The Webmaster, Jun 26, 2006 IP
    irka likes this.
  13. talkwebz

    talkwebz Banned

    Messages:
    1,118
    Likes Received:
    37
    Best Answers:
    0
    Trophy Points:
    0
    #13
    i know..its not googles fault...seriously the school board needs higher security cause a simple spider can go into the school's infomation...wonder what will happen if it was a real hacker's spider or crawler...then the school is doomed..actually this will teach the school board some lesson..use higher security next time
     
    talkwebz, Jun 26, 2006 IP
  14. Grokodile

    Grokodile Peon

    Messages:
    425
    Likes Received:
    17
    Best Answers:
    0
    Trophy Points:
    0
    #14
    LOL. It's that darn "interweb" thingy... causing trouble again. What a bunch of retards at the school board.
     
    Grokodile, Jun 26, 2006 IP
  15. Phynder

    Phynder Well-Known Member Premium Member

    Messages:
    2,606
    Likes Received:
    146
    Best Answers:
    0
    Trophy Points:
    178
    #15
    Okay, so I will be the first person to defend the school.

    Google walks by someone's house and notices that the door is unlocked. They walk in and take a bunch of stuff. That is okay because the houseowner left his door unlocked? Sorry - I doubt you will find a court that will allow that.

    Does anyone have the facts in this case? Do you know what the robots.txt file looks like? Googlebot is notorious for reading files it is not supposed to - yet Google ignores complaints from webmasters.

    Sorry guys - I am on the school's side!
     
    Phynder, Jun 26, 2006 IP
  16. Dekker

    Dekker Peon

    Messages:
    4,185
    Likes Received:
    286
    Best Answers:
    0
    Trophy Points:
    0
    #16
    Ummmm Phynder, it's more like a person holding a sign that said "Hello" in big red letters, and then sued you for reading it.
     
    Dekker, Jun 26, 2006 IP
    irka likes this.
  17. The Webmaster

    The Webmaster IdeasOfOne

    Messages:
    9,518
    Likes Received:
    717
    Best Answers:
    0
    Trophy Points:
    310
    #17
    Did they say that Google indexed pages even it was prohibited in robots.txt (and yes we know how robots.txt looks like)?
    How would google know that what page it should not index unless explicitly said so??
    The school and its lame Web department (usualy run by a bunch of students) made mistakes after mistakes and now they crying out on google.
     
    The Webmaster, Jun 26, 2006 IP
  18. Phynder

    Phynder Well-Known Member Premium Member

    Messages:
    2,606
    Likes Received:
    146
    Best Answers:
    0
    Trophy Points:
    178
    #18
    Okay, but I still see it like this. A foolish/self-important SUV driver leaves his gas guzzling vehicle running, unlocked with the keys in the ignition in front of the Starbucks while he goes into to get his hot caffeine-based drink of choice.

    No matter how stooopid he is and how much we feel he might deserve it - anyone caught taking the vehicle (unsecured) will still be liable for prosecution.

    Sorry - I think this scenario is more appropriate to compare with the School vs. Google.
     
    Phynder, Jun 26, 2006 IP
  19. Phynder

    Phynder Well-Known Member Premium Member

    Messages:
    2,606
    Likes Received:
    146
    Best Answers:
    0
    Trophy Points:
    178
    #19
    Cool - please post their robots.txt.
     
    Phynder, Jun 26, 2006 IP
  20. Dekker

    Dekker Peon

    Messages:
    4,185
    Likes Received:
    286
    Best Answers:
    0
    Trophy Points:
    0
    #20
    No...because this would mean Google used their social insurance numbers to commit fraud or a crime.
     
    Dekker, Jun 26, 2006 IP