[Dshield] big question, no answers

DAN MORRILL dan_20407 at msn.com
Sat Oct 4 15:42:18 GMT 2003


Good Morning,

I have a question for the whole community at this point.

What do you do when you find a pile of IDS sensors via google that they 
probably don't want to have on the open internet?

I wanted to find out more about the page acid_main.php and did a google 
search on it, and low and behold out of the 800 some hits, about 25% of them 
were direct urls to someone elses ids system, and they didn't make it a 
public page, I could have deleted everything in their MySQL Db or what ever 
DB they were looking at through the ACID pages. j

Abet interesting, a bit disconserting when there is the ability to do so. 
One would have thought that IDS data should not be trackable via google.

If I notify, (experience shows) that the Security Pers dont' want to hear 
it, let alone from an outsider looking via google. (I have gotten in trouble 
in the past for my own "good intentions".) If I don't notify, how will they 
correct?

The groups take on this would be most interesting to hear.
V/R
Dan Morrill




Sometimes MSN E-mail will indicate that the mesasge failed to be delivered. 
Please resend when you get those, it does not mean that the mail box is bad, 
merely that MSN mail is over worked at the time.

Otherwise, hope things are going well.
r/
Dan

_________________________________________________________________
Frustrated with dial-up? Get high-speed for as low as $29.95/month 
(depending on the local service providers in your area).  
https://broadband.msn.com




More information about the list mailing list