|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Dataloss] Details on AOL search log disclosure
From: Chris Walsh (cwalsh
cwalsh.org)
Date: Mon Aug 07 2006 - 22:03:41 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
They must have a more selective regex than mine. I got 260 hits.
Selecting those results which also contain the word 'social' results
in 22 hits, with many that are clearly attempts to look up the
records of a specific individual -- often supplying an address and
DOB as well as an SSN.
The regex I used is:
/(?!000)([0-6]\d{2}|7([0-6]\d|7[012]))([ -]+?)(?!00)\d\d\3(?!0000)\d{4}/
It is a minor variant of one found at http://www.regexlib.com/
REDetails.aspx?regexp_id=535
(Checking for CC#s now....)
On Aug 7, 2006, at 4:26 PM, lyger wrote:
>
> (from Dave Farber's IP list)
>
> Begin forwarded message:
>
> Date: August 7, 2006 1:12:38 PM EDT
> Subject: Re: [IP] AOL Releases Search Logs from 500,000 Users
>
>
> A search for an SSN shaped regex on the full AOL search data
> returns a 191
> results including repeat searches. Many of these have full names,
> and at least
> a dozen include either an addresses, drivers license number, date
> of birth or
> some combination of the three in the same query. There's no
> telling how much
> more information an aggregation of other queries by those same user
> ID would
> yield.
> _______________________________________________
> Dataloss Mailing List (datalossattrition.org)
> http://attrition.org/errata/dataloss/
_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/errata/dataloss/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]