[Dshield] big question, no answers

Doug White doug at clickdoug.com
Sat Oct 4 16:43:03 GMT 2003


Good point.
In order for Google to index my ACID pages, the bot has to get past a password
protected directory.  If they can do that, then what is security anyway?

======================================
Stop spam on your domain, use our gateway!
For hosting solutions http://www.clickdoug.com
Featuring Win2003 Enterprise, RedHat Linux, CFMX 6.1 and all databases.
ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772
Suggested corporate Anti-virus policy: http://www.dshield.org/antivirus.pdf
======================================
If you are not satisfied with my service, my job isn't done!

----- Original Message ----- 
From: "DAN MORRILL" <dan_20407 at msn.com>
To: <list at dshield.org>
Sent: Saturday, October 04, 2003 10:42 AM
Subject: [Dshield] big question, no answers


| Good Morning,
|
| I have a question for the whole community at this point.
|
| What do you do when you find a pile of IDS sensors via google that they
| probably don't want to have on the open internet?
|
| I wanted to find out more about the page acid_main.php and did a google
| search on it, and low and behold out of the 800 some hits, about 25% of them
| were direct urls to someone elses ids system, and they didn't make it a
| public page, I could have deleted everything in their MySQL Db or what ever
| DB they were looking at through the ACID pages. j
|
| Abet interesting, a bit disconserting when there is the ability to do so.
| One would have thought that IDS data should not be trackable via google.
|
| If I notify, (experience shows) that the Security Pers dont' want to hear
| it, let alone from an outsider looking via google. (I have gotten in trouble
| in the past for my own "good intentions".) If I don't notify, how will they
| correct?
|
| The groups take on this would be most interesting to hear.
| V/R
| Dan Morrill
|
|
|
|
| Sometimes MSN E-mail will indicate that the mesasge failed to be delivered.
| Please resend when you get those, it does not mean that the mail box is bad,
| merely that MSN mail is over worked at the time.
|
| Otherwise, hope things are going well.
| r/
| Dan
|
| _________________________________________________________________
| Frustrated with dial-up? Get high-speed for as low as $29.95/month
| (depending on the local service providers in your area).
| https://broadband.msn.com
|
| _______________________________________________
| list mailing list
| list at dshield.org
| To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
|
|




More information about the list mailing list