Information Security News mailing list archives

DSD accidentally leaks own infosec manual


From: InfoSec News <alerts () infosecnews org>
Date: Tue, 15 Nov 2011 00:08:34 -0600 (CST)

http://www.zdnet.com.au/dsd-accidentally-leaks-own-infosec-manual-339326180.htm

By Michael Lee
ZDNet.com.au
November 15, 2011

The Australian Defence Signals Directorate (DSD) has inadvertently made its 2012 Information Security Manual available to the public before officially announcing it due to a misconfiguration of its web server.

The DSD has incorrectly configured its web server to allow any user to view file listings of certain directories on its website, including the 2012 Information Security Manual, which was uploaded yesterday morning.

Generally, web servers only display a directory listing when no index file is located in the same directory and the server has not been configured to deny listings in its overall configuration or on a per-directory basis with .htaccess files. A blank file in the same directory with the name index.htm could also have easily prevented the directory's contents from being listed.

DSD's website states that the edition currently published online is the August 2011 edition.

[...]


_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn
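
The conditions the article gives for a directory listing (no index file, listings not denied server-wide or per directory) can be checked against a document root before publishing. The script below is an added example, not part of the article or the original post. It assumes Apache-style `Options` lines in .htaccess files that the server honours, index files named index.html or index.htm, and a constructed sample tree.

```python
import os
import re
import tempfile

INDEX_NAMES = ("index.html", "index.htm")  # assumed index file names

def indexes_after(htaccess_text, inherited):
    """Effective Indexes state after the Options lines in one .htaccess."""
    state = inherited
    for line in htaccess_text.splitlines():
        m = re.match(r"\s*Options\s+(.+)", line, re.IGNORECASE)
        if not m:
            continue
        toks = [t.lower() for t in m.group(1).split()]
        if any(not t.startswith(("+", "-")) for t in toks):
            # An absolute list replaces everything inherited.
            state = "indexes" in toks or "all" in toks
        elif "+indexes" in toks:
            state = True
        elif "-indexes" in toks:
            state = False
    return state

def listable_dirs(docroot, server_default=True):
    """Directories (relative to docroot) that would be served as a listing."""
    docroot = os.path.abspath(docroot)
    state, exposed = {}, []
    for path, _dirs, files in os.walk(docroot):  # top-down: parents first
        allowed = state.get(os.path.dirname(path), server_default)
        if ".htaccess" in files:
            with open(os.path.join(path, ".htaccess")) as fh:
                allowed = indexes_after(fh.read(), allowed)
        state[path] = allowed
        if allowed and not any(n in files for n in INDEX_NAMES):
            exposed.append(os.path.relpath(path, docroot))
    return sorted(exposed)

def build_sample_tree():
    """Constructed docroot for the demonstration, created in a temp dir."""
    root = tempfile.mkdtemp()
    layout = {"index.html": "<h1>home</h1>", "docs/manual.pdf": "x",
              "docs/blank/index.htm": "", "private/.htaccess": "Options -Indexes\n",
              "private/sub/report.txt": "x"}
    for rel, body in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    print(listable_dirs(build_sample_tree()))
```

Setting `server_default=False` models a server whose overall configuration already denies listings, in which case only directories that re-enable `Indexes` are reported.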

