[Dshield] big question, no answers
dan_20407 at msn.com
Sat Oct 4 15:42:18 GMT 2003
I have a question for the whole community at this point.
What do you do when you find a pile of IDS sensors via google that they
probably don't want to have on the open internet?
I wanted to find out more about the page acid_main.php and did a google
search on it, and low and behold out of the 800 some hits, about 25% of them
were direct urls to someone elses ids system, and they didn't make it a
public page, I could have deleted everything in their MySQL Db or what ever
DB they were looking at through the ACID pages. j
Abet interesting, a bit disconserting when there is the ability to do so.
One would have thought that IDS data should not be trackable via google.
If I notify, (experience shows) that the Security Pers dont' want to hear
it, let alone from an outsider looking via google. (I have gotten in trouble
in the past for my own "good intentions".) If I don't notify, how will they
The groups take on this would be most interesting to hear.
Sometimes MSN E-mail will indicate that the mesasge failed to be delivered.
Please resend when you get those, it does not mean that the mail box is bad,
merely that MSN mail is over worked at the time.
Otherwise, hope things are going well.
Frustrated with dial-up? Get high-speed for as low as $29.95/month
(depending on the local service providers in your area).
More information about the list