Security meetup Jan 09: Information Leakage

Posted by Luther Goh Lu Feng

The speaker for this meetup was Onn Chee, who presented on information leakage from web servers.

Using several case studies, Onn Chee showed that an alarming amount of leaked information can be found just by searching the web, even without the use of hacking tools.

The greatest sources of information leakage are governments, educational institutions and hospitals. Private and personal information such as NRIC, address and hp number is among the information commonly leaked in local case studies. This could have implications for SingPass, spam and social engineering. So it might be a good idea to start googling your NRIC or mobile contact and see what Google churns up. :o

In one of the examples, a “dishonour” roll was also leaked. Such information could cause embarrassment to the listed individuals.

One of the good practices shared was the use of sanitised error pages, in which case IDs are given instead of server errors. A joke was cracked from the audience that certain servers return error pages often enough that Google ads should be added to the error pages in order to earn income.
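The sanitised error page practice described above, as an added example that is not from the talk or the original post: a Python WSGI middleware that writes the full error to the server log under a random case ID and shows the visitor only that ID. The names `SanitisedErrors`, `leaky_app`, `render` and the logger name `app.errors` are assumptions, and the failing application and its error message are constructed.

```python
import logging
import secrets
import sys
import traceback

log = logging.getLogger("app.errors")  # hypothetical logger name

GENERIC_PAGE = ("<h1>Sorry, something went wrong</h1>"
                "<p>Please quote case ID <b>{case_id}</b> when you contact us.</p>")

class SanitisedErrors:
    """WSGI middleware: detail goes to the server log, the visitor sees a case ID."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        result = None
        try:
            result = self.app(environ, start_response)
            # Materialise the body so errors raised while iterating are caught too.
            return list(result)
        except Exception:
            case_id = secrets.token_hex(4).upper()
            # Traceback, method and path stay server-side, keyed by the case ID.
            log.error("case %s %s %s\n%s", case_id, environ.get("REQUEST_METHOD"),
                      environ.get("PATH_INFO"), traceback.format_exc())
            body = GENERIC_PAGE.format(case_id=case_id).encode("utf-8")
            headers = [("Content-Type", "text/html; charset=utf-8"),
                       ("Content-Length", str(len(body)))]
            start_response("500 Internal Server Error", headers, sys.exc_info())
            return [body]
        finally:
            if hasattr(result, "close"):
                result.close()

def leaky_app(environ, start_response):
    # Constructed failure: the message carries a query and an internal host name.
    raise RuntimeError("SELECT * FROM members WHERE nric='S0000000X' failed on db01.internal")

def render(app, path="/members"):
    """Call a WSGI app once and return (status, body text)."""
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"] = status
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    body = b"".join(app(environ, start_response)).decode("utf-8")
    return seen["status"], body

if __name__ == "__main__":
    print(*render(SanitisedErrors(leaky_app)), sep="\n")
```

Support staff can then look up the case ID in the server log to find the real error without any of it reaching the browser or a search engine's cache.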

There was also a short discussion about the lack of data privacy law in Singapore. Meanwhile, if one wishes to get personal information off the internet, a shared anecdote says that the best way is to “complain till the organisation can’t take it anymore” :p

Amongst the attendees, there was a student from Temasek Polytechnic who shared about an upcoming security seminar at TP: //allboutsecurity.wordpress.com

Do post a reply if you are interested in going to the seminar and/or the next security meetup!

PS. There was an NUS undergrad at the talk. If anyone knows who he is, please let us know! Always good to know that fellow NUS students are involved in such stuff :D
