Lock Down your Data! - Sheesh, this is so dumb...

4 comments

On this system I have a rudimentary referer list that keeps track of incomings over the last few hours. It's pretty neat to see if suddenly a lot of people are talking about something on TW in a forum, for example.

I just clicked an odd-looking one that went to someone's "start page" - here's what I found:

  • ALL his affiliate sites
  • A link to CJ complete with password in the url - direct access to his earnings.
  • Shit loads of other passwords and logins
  • Links to other family members' "start pages" that had the same kind of stuff!

So, after having a nose around (well, why not? I'm only human after all...) I left a note on his "todo list" telling him to lock his and his family's pages down NOW...

Crikey, how could you leave data like that open for just anyone to go look at? An unscrupulous individual could have a ball with that kind of information...
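A referer list like the one described above stores whatever URL each visitor came from, including any credentials embedded in it. As an added example (not part of the original post), the following Python code sanitizes referers before they are counted or displayed; the function names, the list of sensitive parameter names and the sample hits are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed name fragments that mark a query parameter as secret.
# Substring matching errs toward redacting too much rather than too little.
SENSITIVE = ("pass", "pwd", "token", "secret", "auth", "session")

def sanitize_referer(url):
    """Drop userinfo and fragment, redact secret-looking query values."""
    try:
        parts = urlsplit(url)
        host, port = parts.hostname, parts.port
    except ValueError:
        return None  # malformed URL: do not store it at all
    if parts.scheme not in ("http", "https") or not host:
        return None  # only web URLs belong in a referer list
    if ":" in host:
        host = f"[{host}]"  # restore brackets around IPv6 literals
    if port:
        host = f"{host}:{port}"
    query = [
        (k, "REDACTED" if any(s in k.lower() for s in SENSITIVE) else v)
        for k, v in parse_qsl(parts.query, keep_blank_values=True)
    ]
    return urlunsplit((parts.scheme, host, parts.path, urlencode(query), ""))

def recent_referers(hits, now, hours=3):
    """Count sanitized referers seen within the last `hours` hours."""
    cutoff = now - timedelta(hours=hours)
    counts = Counter()
    for seen_at, referer in hits:
        clean = sanitize_referer(referer) if seen_at >= cutoff else None
        if clean:
            counts[clean] += 1
    return counts.most_common()

# Constructed sample hits: (timestamp, Referer header value).
NOW = datetime(2024, 1, 1, 12, 0)
SAMPLE_HITS = [
    (NOW - timedelta(minutes=5), "http://forum.example/thread?id=42"),
    (NOW - timedelta(minutes=9), "http://forum.example/thread?id=42"),
    (NOW - timedelta(minutes=20),
     "http://bob:hunter2@start.example/home?user=bob&password=hunter2#todo"),
    (NOW - timedelta(hours=7), "http://old.example/"),
    (NOW - timedelta(minutes=1), "about:blank"),
]

if __name__ == "__main__":
    for url, count in recent_referers(SAMPLE_HITS, NOW):
        print(count, url)
```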

Comments

Also

Go to 'about:config' in the address bar and look for network.http.sendRefererHeader, click it and set it to 0.

Wow, what a first day back! I'm off to bed...

> Or is there a way to hide it?

Yeah. Webdeveloper can disable referrer.

http://www.chrispederick.com/work/firefox/webdeveloper/

What about Firefox?

Does firefox automatically send out referrer information? Or is there a way to hide it?

People don't know

If CJ has left open this "hole" they are the ones to blame - not the poor sucker that just clicks a link from within their admin. In fact, in most countries such holes are illegal! You, as a website owner, have the responsibility of keeping confidential information secure. I know there have been cases about this in Denmark - not sure about the US (but I bet there are similar cases there)

Nick, if you can document this I would send it to CJ right away! DO NOT walk around in the password protected area as it could very well be illegal (even though you just followed the link)