mardi 22 juillet 2014

Search engine Indexeus can tell you if your passwords are available to hackers online

indexeus_contentfullwidth


While the rest of the world is debating the rights and wrongs of the "right to be forgotten" in the European Union, one Portuguese entrepreneur with remarkably few scruples has been making a fast buck out of the idea. Indexeus, designed by 23-year-old Jason Relinquo of Portugal, is a search engine that boasts a searchable database of "over 200 million entries available to our customers".


The site allows anyone to search through millions of records from some of the larger data breaches of late -- including the recent massive breaches at Adobe and Yahoo! -- listing huge amounts of information such as email addresses, usernames, passwords, Internet address, physical addresses, birthdays and other information that may be associated with those accounts.


Most of the information, however, comes from breaches and hacks of forums popular in the hacking community, meaning that this is one of the largest depositories of hackers' personal details ever made available.


The whole idea of Indexeus is that people who don't want their details to be searchable can pay a "donation" of $1 per detail to have the information removed, or "blacklisted".


As a disclaimer on the site originally explained, "The purpose of Indexeus is not to provide private informations about someone [sic], but to protect them by creating awareness. Therefore we are not responsible for any misuse or malicious use of our content and service".


While high levels of traffic seem to have downed the site, and only a CloudFlare Always Online snapshot is available, users are recommended not to make any payments to Relinquo when the site does come back online.


In fact, since being exposed on Brian Krebs' security blog, Relinquo recently modified his terms of service so that users don't have to pay to have their information removed from the site. However, it remains unclear how users would prove that they are the rightful owner of specific records indexed by the service.


"We're going through some reforms (free blacklisting, plus subscription based searches), due some legal complications that I don't want to escalate," Relinquo wrote in a chat session. "If [Indexeus users] want to keep the logs and pay for the blacklist, it's an option. We also state that in case of a minor, the removal is immediate”.


Relinquo has suggested that the EU's right to be forgotten ruling, which has been causing so much consternation with Google, is the source of the so-called "legal complications".


So maybe there's a bright side to the right to be forgotten ruling after all?


Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.






Aucun commentaire:

Enregistrer un commentaire