Information Security News mailing list archives
DSD accidentally leaks own infosec manual
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 15 Nov 2011 00:08:34 -0600 (CST)
http://www.zdnet.com.au/dsd-accidentally-leaks-own-infosec-manual-339326180.htm By Michael Lee ZDNet.com.au November 15, 2011The Australian Defence Signals Directorate (DSD) has inadvertently made its 2012 Information Security Manual available to the public before officially announcing it due to a misconfiguration of its web server.
The DSD has incorrectly configured its web server to allow any user to view file listings of certain directories on its website, including the 2012 Information Security Manual, which was uploaded yesterday morning.
Generally, web servers only display a directory listing when no index file is located in the same directory and the server has not been configured to deny listings in its overall configuration or on a per directory basis with .htaccess files. A blank file in the same directory with the name index.htm could also have easily prevented the directory's contents from being listed.
DSD's website states that the edition currently published online is the August 2011 edition.
[...] _____________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isn
Current thread:
- DSD accidentally leaks own infosec manual InfoSec News (Nov 14)