Saturday, November 13, 2004

msn search

so it's 6:30am saturday morning.. woke up dehydrated with a bit of a hangover and decided to surf the web a bit while drinking some water to kick it.. i came across some crazy stuff related to msn's new beta search (http://beta.search.msn.com)..

so, first thing i did in an effort to gauge msn search's effectiveness was obviously to search for my name, "adam herscher". it came up with MUCH more info than google, including my UM directory listing! msn search actually indexes and caches :

http://directory.umich.edu/ldapweb-bin/url?ldap:///uid=ahersche,ou=People,dc=umich,dc=edu

finding my cell phone number through google used to be a 2-step process.. maybe you could find my personal engin space, and therefore my uniqname.. and then figure out that UM has a directory.. but now, just pop in my name in quotes and get back my cell phone #! wow. scary, yet somehow not enough to get me to change my directory entry. msn search has a link: feature like google where you can see the link hierarchy that led to the indexing of a page. turns out an ITCS web page links to the "unix admins" directory entry as a resource. i'm a member of that group, and hence, i'm indexed as well (which in turn may lead to the indexing of groups i'm a member of and then to the indexing of other peoples' entries who are in those groups if they are non-private.. hmm!)

ok, so here's another crazy find.. i've known for a long time that there's at least one other "adam herscher" out there. i've seen references to him in google, but he doesn't have much of an online presence (though neither do i really).. so, msn search turned up a page about someone's internship experience in mexico:

http://dmsweb.moore.sc.edu/internreports/classof2004...

the author wrote "I live with Adam Herscher, another IMBA student".. so i figure ok, i'll search for "Adam Herscher IMBA". well, i'm so used to firefox's search box (google), that i forget to use msn search. what does google turn up? THE OTHER ADAM HERSCHER'S SOCIAL SECURITY NUMBER!@$!

http://dmsweb.badm.sc.edu/pmarshall/IMBA/IMBA_Roster.xls

lots of social security numbers actually. wow. (note: i imagine many of these links will stop functioning over time.)

so.. i start thinking about a few things at this point.. first, msn search doesn't have the same page. maybe it doesn't index excel spreadsheets, and/or maybe the 2 search engines simply index different sets of pages. do i need to start searching multiple search engines now? or use one of those tools that does so automatically? *sigh*

this also gets me thinking more about internet-user-stupidity.. the general public's lack of security knowledge.. people as the weakest links.. it reminds me of kevin mitnick's book "the art of deception: controlling the human element". great read.

and of course, it gets me thinking about the use of social security numbers as identification and authentication. perhaps i'll email those responsible for maintaining the web server publicly hosting all of those social security numbers. but does that really solve, or even make a dent, in the larger issue? aren't there thousands of people who will make the same and similar mistakes for every one i happen to stumble across?

there aren't any revelations to be made about the way in which the internet impacts peoples' privacy, facilitates identity theft, etc.. many have written about it, and i'll probably collect my thoughts on the subject at some point as well.. but it's worth noting that i truly feel we're still at the tip of the iceberg on this one.. to be continued.

sidenote.. this is the first blog entry i've ever written, so comments will make me very happy :-) i will blog on the subject of why i decided to start blogging, later. thanks for reading!

3 comments:

Anonymous said...

So, how do you feel about the death of Yasser Arafat then? Will this ring in a new era of peace, or will those that replace Araft usher in a new wave of terrorism (further delaying any peaceful situation)?

adamjh said...

Your guess is as good as mine.

BloggHogg said...

BloggHogg says OINK OINK