"Hacker" at work

I have been embroiled in what unintentionally became a "flame war" on

the "Casual Conversation" thread. I had declined to reveal the html for my

photo site, preferring to keep that private. Well, some jerk apparently

couldn't resist the challenge and somehow managed to "hack into" my photo site,

then displayed the html. for all to see. Obviously, I resent this intrusion

into my privacy, and I certainly resent photo.net being used by some hacker as

a vehicle for invading the privacy of my site.

 

Thankfully, that ghastly thread has now been deleted, but I note that it can

still be found via your Google-assisted search engine. I would appreciate,

indeed, urge you, to remove this person's post. I consider it a misuse of this

site and a probable violation of your rules. I don't recall this polecat's

name, but his post appears near the end of this lamentable thread. Please

contact me if you have further questions, but I think it entirely inappropriate

to leave this post on the thread lest every sort of "crazy" start posting God-

knows-what on my photo site. Thanks, Shane Usary.

It's not hacking to find the URL of your website.

 

All he did was post the URL of your website, which is open for anyone to view since it's on a public area of a popular photosharing site. It's hardly a secret.

 

However the thread was closed and the "information" in it was pretty much useless so I deleted it.

Not having bothered to research it, Shane, it sounds like you simply need to correct whatever vulnerability it is that allows a URL-based attack on your web site. This is usually what's called a "SQL injection vulnerability," and believe me when I say that if your site's code base is vulnerable to it, other hackers' robots are going to find and exploit it eventually, whether or not it happens as a result of some bit of friction or juvenile antics on a message board.

 

SQL injection vulnerabilities are well understood, and SHOULD be a thing of the past, security-wise. Even sites that exist in some obscurity are being found by malware bots... so don't treat the symptoms here, treat the problem: get rid of the vulnerability. It WILL be exploited again by someone else. Just a matter of time.

Photo.net was not used to find your website. If you wish to hide your photography from the world, you are going to need to work harder at it. As it has nothing to do with us (us being photo.net) and nothing to do with a "hacker". Just simple search engines at work.

Getting hold of the HTML for a page doesn't take any hacking, most web browsers can do it for you with a command something like View->Source or Right Click->View Source. Don't be under the impression that your HTML code is ever safe from being viewed.

I must explain to Messrs. Atkins and Root that my site is on a large photo site that is supposed to be ultra-secure. Not even other members of this site can reach my personal site. It can't be found by a Google search, even if the snoop knows the screen name I use. Supposedly, the only way it can be reached is if I give out the precise html. I don't "hide" my photo work; I merely prefer that it be available to persons to whom I wish it to be available. I realize, of course, that the jerk who somehow gained access to my site didn't "use" photo.net to find it. That is self-evident. He did, however, "use" your site to display the html, which he placed in a posting so that any nut out there (and believe me, plenty of them participated in that thread) could click on the link and go directly to my photo site. I'm glad that thread, and the link found in it, are gone; goodness knows what horrors the irascible hotheads who posted on that thread would post on my photo site. Thanks for the response. SU

<i>"It can't be found by a Google search, even if the snoop knows the screen name I use."</i>

<p>

I found it within 30 seconds using Google. You need to do some more research before you start crying "wolf" on everyone else. Google your own name for starters.

You have a link to it on your www.findagrave.com profile, that profile comes up on a Google search. You give the url for the profile at the bottom.

 

You should update that profile if you do not wish people to access it.

Google "Shane Usary" Photography. This comes up with your Find A Grave Contributor site (

the second site given by the google results) where on this web page you give the web

address to another site of yours with some photos. I believe this is one of them that someone

had posted. In fact, on your Find a grave site you say "Readers are invited to visit my still-

unfinished photo site at ..." Just thought you might like to know. If you don't want people to

find this site, remove the web address from here.

In what way is myphotoalbum.com supposed to be "ultra secure". It's not encrypted, it's not even password protected.

 

You need to learn a lot about more about Internet security if you want to hide your identity (and your images) on the web. If you want a secure website, at least get one that requires password access.

 

You also need to learn what "hacker" means. This is not hacking. Type your name in Google. If that's hacking, it's an entirely new definition of the term!

Well, it sure helps to have some more info, here. So: a non-public URL to some web content turns out to <i>be</i> public when you spread it around, or make it availble on other pages. Google picks it up, and it's there more or less for eternity. As Bob says, security through obscurity no longer works. You need to actually have a technical solution in place that manages users' sessions, and which challenges them for credentials - whether or not they know the right URL to get to a part of your web presence.

 

Shane, this is a technical shortcoming that's manifesting itself in a social way. You have to fix it with a technical change to the way your images are hosted, or decide that the social issues aren't important enough to worry about.

What the heck is so important that people can't see? What do you have unseen photos of the Kennedy assassination?

Man, if ever I have a website I want to publicize I am going to put a few posts on forums telling everyone I don't want them seeing my secret webpage ;p

I ran my name in quotes on Google and Yahoo and got about 140 hits on one and 160 on the other. Not one of them displayed anything even remotely related to my photo site. I did, however, forget that the "Find A Grave" bio page had the html displayed. I shall correct that momentarily. Given the odd array of hotheads and flame-throwers who populated much of the thread that caused all this, I am determined to take greater security measures. Apparently, some of them were so morbidly curious about me that they "googled" my name in every conceivable variation (one curious poster queried, "Who ARE you?") Some petulant old professor who took a disliking to what I had to say even found references to my Ph.D. dissertation and repeated the title back to me, to what end I know not. I certainly wouldn't want that ancient bugger to have access to my photo site. Thanks, SU.

Shane usary Photography

view portfolio as a slideshow | comment on this portfolio

 

(Mark this person as interesting) what's this?

 

** This member has not uploaded a portfolio **

 

(or is incapable of scanning an excellent slide?)

I think you'd be better off avoiding the Internet. My name's all over the place, as is the location of my website (in fact websites).

 

Nobody harrases me. Nobody makes particualrly nasty comments about my images. Nobody follows me around or is morbidly curious about me. I'm not aware anyone has researched my Ph.D thesis topic, my peer-reviewed publications or my patents, all of which can probably be found fairly easily. If they have looked these things up, they've kept the information to themselves since none of it is very interesting to most people.

 

If you're the sort of person who attracts loonies, stalkers and other wierdos, you'd be better off watching TV than exposing yourself to examination on the Internet.

I must be an underachiever, because it took me 90 seconds to find this guy's site.

I think you are right, Mr. Atkins. Given the kind of people loose on the internet these days, those whom you properly denominated "wierdos" (sic) and such, one surrenders his privacy at his peril. I have removed any references to my photo site and its html and plan to apprise the managers of that site that they apparently have some security problem. As I said, I can't imagine what motivated the aged professor fellow to look me up on "Google" and display my dissertation title; the ways of the elderly are sometimes baffling, I suppose. I appreciate the comments here, save for the typically tacky one from what George H.W. Bush would call "the Marin County hot tubber," whom I recognize as one of my attackers from the doleful thread that led to this problem, and am now more alert to the problems one faces given what is roaming around loose in this unfortunate world in this day and age. Thanks again, and I suggest that this thread suffer the same fate as the one you fortunately deleted yesterday.

So -- you are incapable of doing a quality scan of one of your better, more-proud-of slides Dr. Shane? [i ain't that much of a hot tubber either; I am not paranoid as well...]

In view of the latest flaky and insulting post from that Marin Countian, I beseech the manager(s) of this thread to delete it. It contains nothing of substance and began only as an inquiry on my part. Apparently, some of what Mr. Atkins describes as the "weirdos" and "stalkers" from yesterday's deleted thread just can't give it up and have decided to follow me here. Thanks, SU.

please don't delete this it's way better than reality TV

Shane, threads do not just get deleted here just because you'd like them to. When you say something on photo.net you need to be prepared to stand behind it.

 

However, as this thread has reached it's logical conclusion. I am closing it to further responses.