Shaun Mccran

My digital playground

30 SEP 2010

Once your data is online - it's online (forever)

Two recent news stories have brought to light the dangers of what data people are happy to put online, without really considering the wider implications.

The two stories have different antagonists, and both highlight the very real-world dangers of storing data online, whether it's on a social platform like Facebook, or a more traditionally unseen platform like a database.

The moral of both stories is clear: Once something is 'online', it is online, and there is no taking it back.

Users posting to Social Networking Platforms

The first story concerns a woman claiming financial recompense as she claims to have suffered injuries that stop her living an active lifestyle. This would be fine except that she has posted images of herself 'being active' on Facebook, so she kind of shot herself in the foot there.

The 'bigger picture' issue with this is that despite these images being deleted, a judge in America has ruled that the deleted images be turned over to the courts.

Looking through Facebook's privacy policy, they make no bones about the fact that whatever you post is potentially public data, even if it's a 'friends only' post.

This also highlights that their deletion routines aren't really hard deletes. Facebook uses a CDN (Content Delivery Network) and it can take some serious time for even a soft delete to filter through a large CDN. That delete action has to filter through multiple server farms in multiple countries, usually across continents too.

The Register has the full details of the case here: http://www.theregister.co.uk/2010/09/29/facebook_deleted_posts/

Companies Storing data insecurely

A prominent anti-file-sharing law firm, ACS: Law, have been in the press a few times for their controversial practices concerning chasing unconfirmed people over piracy claims. The raising of their profile in the media has led to them becoming a target for several pressure groups, and a variety of hacker organisations.

They suffered from a Denial of Service Attack recently that saw their site go down, and hackers gain access to their server.

This is pretty bad news for a company, but ACS: Law's problems were compounded by the fact that the hackers found an unencrypted database full of customer data on the server.

Take a second to read that again: unencrypted data, being stored on a webserver. There are many 'best-practice' methodologies in the IT industry. They ALL recommend storing client data in an encrypted format, usually in several tables so that data isn't stored together.

It is also best practice to have that data somewhere secure! Not on a webserver. You really should consider anything on a webserver as public, i.e. someone could get to it if they tried hard enough.

One source of the client data, SKY (TV broadcaster in the UK), has publicly confirmed that it did send data to ACS: Law, but when it did it was encrypted. Understandably the company is now under investigation for breaking the Data Protection Act.

Read more here:

http://www.theregister.co.uk/2010/09/27/anti_piracy_lawyer_email_leak/

http://www.theregister.co.uk/2010/09/28/acs_ico/

Comments
When I got Live again for Christmas I had to recover my GT to my Xbox, and when it did it basically erased those achievements and gamerscore. Now I still have the saved data on my HD. I've searched around and the best answer I got was just to play a mission or play the game and hopefully it will recognize the data from the HD and bring the achievements back. I did that on Forza and it brought most of the career achievements back. I tried CoD MW2 and nothing happened, tried Ace Combat 6 and nothing happened.
# Posted By EV SSL Certificates | 13/10/2010 17:20