Students test scores and social security numbers posted online, school blames google.

[chowderhead]

?One of the students on the list had a presence on the Web,? she said.

why do I get the feeling it was a myspace page?

 

[FP]

Originally posted by: mugs
That is HILARIOUS. I take it they had a login page to validate people's username and password, but once they got in none of the other pages actually checked to see if the person was logged in? They were just hoping nobody ever guessed the URLs or used a computer with the URLs in the history. Not sure how google ended up crawling the pages though - I guess someone must have linked to one of the inner pages?

If these people had any idea what they're doing (which they clearly don't) they could pretty easily find out how the google bot got in.

I am guessing their "secure" site was using basic auth which can easily be linked past by doing the age old trick of embedding a username/password in a URL ie. http(s)://username: Password@server/resource

Someone probably had a public website that linked to the secure site this way.

Google just found the link and followed it.

Could Google refuse to follow such links? Yes... They probably shouldn't be accessing pages that require auth.

 

[PingSpike]

Originally posted by: chowderhead

?One of the students on the list had a presence on the Web,? she said.

why do I get the feeling it was a myspace page?

Sue myspace!