Responsible disclosure: Supporters and critics

August 16, 2017

Doing the right thing doesn’t always please everyone

Recently I’ve been having a refresher around the area of Google Dorks – using sites and content indexed by Google to carry out Open Source Intelligence (OSINT).

As is always the case, you’ll stumble across some interesting items that you can be sure the owner doesn’t want to be indexed – and therefore publicly accessible – on Google.

I found a couple of links that I felt needed bringing to the attention of the content owners. One was grateful and thanked me for alerting them so that they could remove the content. The other was less pleased and, in a nutshell, complained that I was sticking my nose in where I shouldn’t. I’ve explained that it’s actually Google, not me, that indexed the content that they didn’t secure; hopefully they’ll take care with the data that they store online and unwittingly share with every search engine spider. I also hope that they realise there are others out there who could take (or already have taken) a copy of the data and use it for their own gain.

Take-aways from this:

  1. Always look after your data; check what’s publicly available.
  2. Doing the right (ethical) thing won’t always be received well.