funsec mailing list archives
Re: Security problems at the DIA Web site
From: rms () computerbytesman com
Date: Mon, 11 Jun 2007 12:38:37 -0400 (EDT)
Intentionally distributing spying trojans is illegal! ;-) This Google search string locates other open directories at U.S. military Web sites: "index +of" apache site:.mil Google also finds close to 900,000 (!) open directories at .gov Web sites: "index +of" apache site:.gov I always wonder if Google and other search engines intentionally look for open directories. For example, let's say that the Google search bot finds a link of the form: http://www.example.com/docs/mayreport.htm Will the Google bot also check out the URL http://www.example.com/docs/? Richard
On 6/11/07, rms () computerbytesman com <rms () computerbytesman com> wrote:Yikes, an open directory at the Defense Intelligence Agency Web site: http://www.dia.mil/contracting/briefs/ Background on the DIA Web site: Exclusive: Office of Nation's Top Spy Inadvertently Reveals Key to Classified National Intel Budget http://www.thespywhobilledme.com/the_spy_who_billed_me/2007/06/exclusive_off ic.html The PowerPoint referenced in the blog article is now gone, but I found that the DIA left other stuff open in the same directory for anyone to review.Hmm, anyone taking bets on whether the ppt files are trojan'ed? Just which file are IP's visiting the site filed under... -JP<only one way to find out>
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Security problems at the DIA Web site rms (Jun 11)
- Re: Security problems at the DIA Web site Dude VanWinkle (Jun 11)
- Re: Security problems at the DIA Web site rms (Jun 11)
- Re: Security problems at the DIA Web site Valdis . Kletnieks (Jun 11)
- Re: Security problems at the DIA Web site rms (Jun 11)
- Re: Security problems at the DIA Web site Dude VanWinkle (Jun 11)