http://www.zdnet.com.au/dsd-accidentally-leaks-own-infosec-manual-339326180.htm By Michael Lee ZDNet.com.au November 15, 2011 The Australian Defence Signals Directorate (DSD) has inadvertently made its 2012 Information Security Manual available to the public before officially announcing it due to a misconfiguration of its web server. The DSD has incorrectly configured its web server to allow any user to view file listings of certain directories on its website, including the 2012 Information Security Manual, which was uploaded yesterday morning. Generally, web servers only display a directory listing when no index file is located in the same directory and the server has not been configured to deny listings in its overall configuration or on a per directory basis with .htaccess files. A blank file in the same directory with the name index.htm could also have easily prevented the directory's contents from being listed. DSD's website states that the edition currently published online is the August 2011 edition. [...] _____________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isnReceived on Mon Nov 14 2011 - 22:08:34 PST
This archive was generated by hypermail 2.2.0 : Mon Nov 14 2011 - 22:13:04 PST