Re: Security problems at the DIA Web site

[rms () computerbytesman com]

Intentionally distributing spying trojans is illegal! ;-)

This Google search string locates other open directories at U.S. military
Web sites:

    "index +of" apache site:.mil

Google also finds close to 900,000 (!) open directories at .gov Web sites:

    "index +of" apache site:.gov

I always wonder if Google and other search engines intentionally look for
open directories.  For example, let's say that the Google search bot finds
a link of the form:

    http://www.example.com/docs/mayreport.htm

Will the Google bot also check out the URL http://www.example.com/docs/?

Richard


> On 6/11/07, rms () computerbytesman com <rms () computerbytesman com> wrote:
> > Yikes, an open directory at the Defense Intelligence Agency Web site:
> >
> >   http://www.dia.mil/contracting/briefs/
> >
> > Background on the DIA Web site:
> >
> >   Exclusive: Office of Nation's Top Spy Inadvertently Reveals Key to
> > Classified National Intel Budget
> >
> > http://www.thespywhobilledme.com/the_spy_who_billed_me/2007/06/exclusive_off
> > ic.html
> >
> > The PowerPoint referenced in the blog article is now gone, but I found
> > that
> > the DIA left other stuff open in the same directory for anyone to
> > review.
>
> Hmm, anyone taking bets on whether the ppt files are trojan'ed?
>
> Just which file are IP's visiting the site filed under...
>
> -JP<only one way to find out>

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.