www.internetnews.com/ec-news/article.php/3643341
By Clint Boulton November 10, 2006 (Page 2 of 2) Gibberish Mobs But there are other, more sinister DOI attacks on the horizon, said Andrews. Using a falsely created identity the way so many pranksters did with Hotmail accounts years ago, a perpetrator could enter someone else's name to make it seem like the user is looking up potentially embarrassing or incriminating searches. Or a user could walk into a corporate office, sit down at a user's desktop while he or she isn't there, log on to the human resource department's intranet and research a bunch of mental health information. This could raise some red flags for the company. Andrews also said "gibberish mobs" will pop up. In these attacks, perps will vandalize and pollute data to harm companies that scan search logs to get an accurate reading on individual interests. "Someone can build a script that does meaningless searches to throw off search results and breaks a company's ability to understand what's in their system," Andrews said. "Or they might run searches to have a hacking impact and bring down the search engine" similar to the way a DOS attack cripples computers. Searching For The Truth What does the future hold for search? Andrews said we can expect to see poisonous search scripts and tools to hit the Web underworld and be taken up by script kiddies, similar to the way so many Slammer, Nimda and MyDoom viruses slithered their way on to the Internet. "We now assume people lie when they author content for the Web. Why shouldn't we assume people will lie when they conduct inquiries on the Web," Andrews argued, predicting there will be an impact at Yahoo, AOL, Google, MSN and even Amazon. Moreover, he said enterprises that use proprietary search tools have a greater problem because they might not have the same degree of search resources to dedicate to a search-based DOI attack. Nissenbaum sees Andrews' point, and wonders if companies could be in collusion with search engines about putting relevant data lower on the results list, making it more difficult for users to find. "How do I know that the company isn't somehow messing up the results that I'm getting or paying off the search companies to put the result that I really need down at the bottom of the list?" she wondered. "Unless we become much better educated and unless we insist on much greater transparency from search companies, we're not going to be able to discern properly what we're getting back. I think that this is going to be a problem." As for TrackMeNot, Nissenbaum said she and Howe are improving its ability to confuse those who read search engines, changing up feed lists to throw more garbage into the mix. And if TrackeMeNot can be improved, certainly other users with the technical know-how can create tools to cause search mischief. Andrews thinks search-based attacks are inevitable. "As the value of searches and search logs increases, and as enterprises exploit these capabilities and turn the insight in an automated fashion back to users, vandalism and sabotage of this data will increase," Andrews said. |
| Go to page: Prev 1 2 |