Wishing for a Data Glitter Bomb

  • Comments posted to this topic are about the item Wishing for a Data Glitter Bomb

  • Perfect solution for the package thieving problem.  I put a few .357 holes in my door and sprinkled blood all over the sidewalk.  No problems since then.

    Rick
    Disaster Recovery = Backup ( Backup ( Your Backup ) )

  • I find it interesting to see how rarely honeypots are deployed and reported. For many security issues it seems like the best kind of monitoring.

  • Back in my direct mail days it was standard practise to put seed names and addresses into customer lists so that we could tell if our list was being used outside agreed boundaries.

    Even earlier than that, prior to calculators being commonly available there used to be books of tables and ready reckoners.  Their tables had small, deliberate precision errors in them, again with the intent of catching copyright breaches.

  • David.Poole - Monday, December 31, 2018 12:55 AM

    Back in my direct mail days it was standard practise to put seed names and addresses into customer lists so that we could tell if our list was being used outside agreed boundaries.

    Still the case now,with electronic data. A handful of incorrect names for certain addresses are included and if there are attempts to contact them then the data can be tracked back.
    I await the call on my home number for a handful of names that don't live here. I'm sorry, he isn't in right now please leave your contact details so my company's legal department can contact you.

  • Steve - this isn't exactly what you're looking for, but it's the first part of the equation: a URL Canary:

    https://urlcanary.com/

    You generate one of these, embed it in your data set, and set up Google Alerts for it. If it's ever accessed or shared publicly, you'll know your data was compromised.

  • Some software publishers will add ping back features to their apps, and e-books often contain digital watermarks that are unique to the account that originally purchased the product, so they can track pirated copies back the source. In addition to honeypots, law enforcement organizations like the FBI could seed the internet with "poison" credit card numbers and login credentials, which would then trigger an alert then used in the wild. Even if the sting only led to the arrest of individuals downstream who purchase stolen data (as opposed the ring leaders who actually break into databases), it would ultimately sour the market for stolen data and possibly discourage thieves from seeing it as a worth-the-risk profit making enterprise.

    Also, that documentary TV series "To Catch A Predator", where police use fake chat room posts or adds to lure sexual predators who think they're meeting up with a teen; I guess that would be an example of an internet "honeypot" operation.  🙂
    https://youtu.be/zJIlftta6fk

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • skeleton567 - Sunday, December 30, 2018 1:27 PM

    Perfect solution for the package thieving problem.  I put a few .357 holes in my door and sprinkled blood all over the sidewalk.  No problems since then.

    OK, but wouldn't that scare away the UPS delivery guy too?  🙂

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Eric M Russell - Monday, December 31, 2018 10:50 AM

    skeleton567 - Sunday, December 30, 2018 1:27 PM

    Perfect solution for the package thieving problem.  I put a few .357 holes in my door and sprinkled blood all over the sidewalk.  No problems since then.

    OK, but wouldn't that scare away the UPS delivery guy too?  🙂

    But you can tell if they've been around as the holes would have grown to .44 😀
    😎

  • I back a lot of board games on Kickstarter, and I eventually decided to get a PO Box at a UPS store for package deliveries, because too many of my packages went missing between the time they were delivered and the time I got home from work.

    Drew

    J. Drew Allen
    Business Intelligence Analyst
    Philadelphia, PA

  • drew.allen - Monday, December 31, 2018 12:05 PM

    I back a lot of board games on Kickstarter, and I eventually decided to get a PO Box at a UPS store for package deliveries, because too many of my packages went missing between the time they were delivered and the time I got home from work.

    Drew

    There is an old saying that: "You can't hunt what you can't see."
    It seems to me that porch robbing would far less common if it weren't so obvious to passersby that a package is sitting there waiting by the front door. One solution would be to keep something like a wicker basket for dropping off packages. A thief is not likely to run door to door for every house in the neighborhood just to check drop off boxes (which would be empty 95% of the time), because that would involve an order of magnitude more effort, time, and risk.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Eric M Russell - Wednesday, January 2, 2019 12:14 PM

    There is an old saying that: "You can't hunt what you can't see."
    It seems to me that porch robbing would far less common if it weren't so obvious to passersby that a package is sitting there waiting by the front door. One solution would be to keep something like a wicker basket for dropping off packages. A thief is not likely to run door to door for every house in the neighborhood just to check drop off boxes (which would be empty 95% of the time), because that would involve an order of magnitude more effort, time, and risk.

    All my packages that went missing were small enough to place between my front door and my screen door, which is generally what the postal carriers do.  Packages placed there are just as hidden as they would be in a wicker basket.  I have no reason to believe that the postal carriers deviated from that practice when the packages were stolen, so I have no reason to believe that a wicker basket would be any less prone to porch robbing.  I went with a solution where the packages would not be left unattended in an insecure location.

    Drew

    J. Drew Allen
    Business Intelligence Analyst
    Philadelphia, PA

  • drew.allen - Wednesday, January 2, 2019 1:08 PM

    All my packages that went missing were small enough to place between my front door and my screen door, which is generally what the postal carriers do.  Packages placed there are just as hidden as they would be in a wicker basket.  I have no reason to believe that the postal carriers deviated from that practice when the packages were stolen, so I have no reason to believe that a wicker basket would be any less prone to porch robbing.  I went with a solution where the packages would not be left unattended in an insecure location.

    Drew

    That intriguing. Perhaps you could setup an autorun on a thumbdrive such that, when the device is inserted into a PC, it will send you an email using the default mail client, thus providing you with the sender's email address and other info like Windows profile name. Re-package the device inside a delivery box so it looks new, and then place it on your porch.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Brent Ozar - Monday, December 31, 2018 6:05 AM

    Steve - this isn't exactly what you're looking for, but it's the first part of the equation: a URL Canary:

    https://urlcanary.com/

    You generate one of these, embed it in your data set, and set up Google Alerts for it. If it's ever accessed or shared publicly, you'll know your data was compromised.

    That's pretty neat

  • Steve Jones - SSC Editor - Tuesday, January 8, 2019 8:33 AM

    Brent Ozar - Monday, December 31, 2018 6:05 AM

    Steve - this isn't exactly what you're looking for, but it's the first part of the equation: a URL Canary:

    https://urlcanary.com/

    You generate one of these, embed it in your data set, and set up Google Alerts for it. If it's ever accessed or shared publicly, you'll know your data was compromised.

    That's pretty neat

    This is essentially an SaaS version of the tracking URLs that spammers and law enforcement have been putting in emails and web pages for decades.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

Viewing 15 posts - 1 through 14 (of 14 total)

You must be logged in to reply to this topic. Login to reply