This search engine may find what your agency may not want it to
I made a recent Web search discovery that might help your office find things, no matter what they are. It also might serve as a wake-up call for agency security.
The local animal control officer asked for my help finding the owner of a rescued dog. All I had to go on were a collar and part of a leash. I could make out the words Animal Hospital and a seven-digit phone number on the leash, but no area code or business name. They presumably were on the part the dog had chewed through.
I could have tried a reverse directory search for kennels and veterinarians having that phone number in every area code near where the animal was found. But it would have taken a long time and, as the animal turned up near a state park, it wasn't necessarily from the area.
I found a much easier way to search on the Web, at www.555-1212.com/search.cfm
. I entered what information I had in a freeform search string. The search engine turned up a hit almost immediately for a veterinarian with the correct phone number, 100 miles from where the dog was found. Find it here
No matter what you are searching for, if the usual search engines such as Yahoo.com and Google.com don't help, try the 555-1212.com
metasearch engine. Search on your name, that of your agency or related text strings. See just how much information is freely available. If you don't find something you would rather not have public knowledge, you are either lucky or you need more practice at Internet searches.
You will probably come away with changed opinions about security, unless you happen to want personal or agency details known to everyone from your next-door neighbor to someone in Moscow or Beijing.
Any mention of your name or agency anywhere on the Web can probably be found fairly easily. There are experts out there doing such research. Most of the information is benign or may seem so, but what about when it's merged? Could, say, a kidnapper determine how many children you have, their ages and where they go to school? Could a hacker learn the brands of server and firewall software your agency uses or how often you change network passwords?
This is the rapidly evolving electronic version of Dumpster diving, used by criminals, private detectives and even police to find out such things as credit card numbers. Information on the Web is different, but no rubber gloves are needed, and there is a lot out there. Some agencies have realized this and taken new security steps that I applaud, even though they make my work as a journalist more difficult.
A basic tenet of security is not to discuss details about security procedures. Although I freely write about the physical and electronic security measures in software I test,
I won't reveal the packages I use.
For an agency, a similar policy would mean not making public the names of the products you use to secure your systems. Crackers with such knowledge can guess how to attack them.Taboo talk
Until recently, information technology employees at many agencies were allowed, even encouraged, to discuss their latest software acquisitions. I felt ambivalent about this because it seemed like a security breach, but on the other hand, reporters
are supposed to write about what agencies use.
A few agencies have begun to institute draconian policies forbidding any such revelations. This is probably good, even though the public still has some right to know what agencies are doing with hardware and software.
It won't make me popular with First Amendment supporters, but details about electronic security procedures and software should always be agency secrets. John McCormick, a free-lance writer and computer consultant, has been working with computers since the early 1960s. E-mail him at [email protected].