Choicepoint knows averything about everyone and everyone knows everything about Choicepoint...
| Récapitulatif
des papiers sur le monde étrange des administrateurs réseau et systèmes |
| Récapitulatif
de nos copies d'écran sur ce même monde étrange Cette page n'est plus mise à jour depuis août 2001 |
| Taijiquan style Haking (dot com) |
| Sasak style Haking (dot com) |
| Le Match Kitetoa versus Ugly Discoursmarketing |
| It's a funky job. But Kitetoa's digital clone does it... |
| Do you know info-hack Kung-Fu? |
| La hotte du Kitetopapanoël |
| Ze Mega
Kite-Teuf! La fête de l'été de Kitetoa... Les sites les plus nazes de l'été 2000 |
| La
Loi de 78 impose aux entreprises de protéger les bases de données qu'elles constituent... |
There are some giant private data collectors you never hear of. No doubt Choicepoint is one of these. I recently read a chapter of the book (to be published) of a friend in which this name appeared. One learns in this text that Choicepoint made an agreement with the American authorities (FBI and tax authorities - IRS) to let them reach the American people's personal data (telephone, whealth, judgments) via its Web servers.
In fact, when you go to www.choicepoint.net, you can read: "ChoicePoint has grown from the nation's premier source of data to the insurance industry into the premier provider of decision-making intelligence to businesses and government. Through the identification, retrieval, storage, analysis and delivery of data, ChoicePoint serves the informational needs of the property and casualty market, life and health market and businesses, including Fortune 1000 corporations, asset-based lenders and professional service providers, and federal, state and local government agencies. ChoicePoint keeps abreast of the issues and trends in anticipation of what we believe to be a future opportunity of risk assessment information delivery. The Company strives to build and sustain long-term relationships through always understanding its customers' needs, while responding effectively with products and services that reflect changing industry concerns and dynamics. In addition, ChoicePoint strongly promotes the responsible use of information as a fundamental plank of its business model and maintains and upholds standards regarding the use and dissemination of information."
On the "privacy" page, you'll find this: "To demonstrate our further commitment to online privacy, ChoicePoint is a licensee of the TRUSTe® Privacy Program. TRUSTe is an independent, non-profit organization whose mission is to build users' trust and confidence in the Internet by promoting the use of fair information practices. TRUSTe's certification covers the websites gathering and dissemination of information not any services or products. We have disclosed the information practices of our web site to TRUSTe, and TRUSTe has reviewed and approved our online privacy practices for compliance with TRUSTe's online privacy standards." Pour l'aspect sécurité, pas de problèmes: "collected through this web site. We recognize the importance of security for all personally-identifiable information collected by our web site. We exercise care in providing secure transmission of your information from your PC to our servers. Once we receive personally-identifiable information, we take steps to protect its security on our systems. In the event we request or transmit sensitive information, such as credit card information or Social Security Numbers, we use industry standard, secure socket layer ("SSL") encryption. We strictly limit access to personally-identifiable information to those employees who need access in order to carry out their job responsibilities. All employees are prohibited from "browsing" through our files and databases. We train our employees in the application of our need-to-know standard. We periodically audit for compliance with this standard and we impose penalties for any failure to comply with this standard."
After the Doubleclick story clic here or here which had teached us how much the companies which collect our personal data are anxious to make their servers safe, we could not retain ourselfs from having a look (more closely) to the Choicepoint web servers. The ones which run Lotus Domino (IBM) are wide opened...
Above all, it is possible to see the list of all the bases which contain the data stored on the site. It is a rather idiotic method to let the web surfers reach this page... It is however specified in the Lotus document "how to secure a site running Lotus-Domino" (yes, we know it's almost impossible to secure a web server running Lotus-Domino...) that one sould not act this way. But no matter, Choicepoint, which collects American people's personal data and presents itself as a defender of privacy (who's going to buy that shit?), lets spin some peronal data.
Let us take some concrete examples...
You go to the site, just ask for the page which contains the list of all the information contained on the server and enter into more details. One quickly arrives on the list of the companies which would like to become vendors for Choicepoint's services. What's more, one finds the detail of "why my company wants to become a vendor"... You can also see the awnsers prepared by Choicepoint for the applicants. Other visitors wished to get more information on the products. It is, what companies call "leads". One finds easley the leads' list of Choicepoint. With names and company (if one can call the FBI a company...;) Other part of the site which should not be opened for any web surfer is a list of all the requests made by the customers (who did it and when). The pages of the so-called Intranet (which is in fact viewable on the Web without any protection) let see who made requests.
That's it.
Imagine... If reaching this information is so simple, that could do a true cracker? I wonder what would say the the funky guys at TRUSTe? Because TRUSTe affixed its seal on this site... Nothing I guess. Let's autorergulate, they said. Sure, it is much more simple...