WebApp Sec mailing list archives
RE: Convenience or just bad design?
From: "Robert D. Holtz" <robert.d.holtz () gmail com>
Date: Wed, 12 Jul 2006 09:24:21 -0500
Pretty stunning ... the whole directory is wide open. There's even an Access database for resumes containing name and address information. -----Original Message----- From: Saqib Ali [mailto:docbook.xml () gmail com] Sent: Tuesday, July 11, 2006 9:31 PM To: webappsec () securityfocus com Subject: Convenience or just bad design? So Altiris.com website allows their customers to upload files to their servers. The filenames are based on the email address of the customer. The interesting part is that they make this upload directory web accessible by FTP. So now not only you can access all the uploaded files, you can also get the email addresses of the Altiris customers. Some of the file are very interesting. They include actual unreleased applications. ftp://wise1:w1s3ftp@209.104.132.121/wisesol/www/bugs/ Doesn't this go against their privacy policy? http://www.altiris.com/company/legal/privacy.aspx When will companies realize the importance of good secure design???? -- Saqib Ali, CISSP, ISSAP Support http://www.full-disc-encryption.com ------------------------------------------------------------------------- Sponsored by: Watchfire Cross-Site Scripting (XSS) is one of the most common application-level attacks that hackers use to sneak into web applications today. This whitepaper will discuss how traditional CSS attacks are performed, how to secure your site against these attacks and check if your site is protected. Cross-Site Scripting Explained - Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmr -------------------------------------------------------------------------- ------------------------------------------------------------------------- Sponsored by: Watchfire Cross-Site Scripting (XSS) is one of the most common application-level attacks that hackers use to sneak into web applications today. This whitepaper will discuss how traditional CSS attacks are performed, how to secure your site against these attacks and check if your site is protected. Cross-Site Scripting Explained - Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmr --------------------------------------------------------------------------
Current thread:
- Convenience or just bad design? Saqib Ali (Jul 12)
- RE: Convenience or just bad design? Robert D. Holtz (Jul 12)