Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

webappsec logo WebApp Sec mailing list archives

RE: Convenience or just bad design?
From: "Robert D. Holtz" <robert.d.holtz () gmail com>
Date: Wed, 12 Jul 2006 09:24:21 -0500

Pretty stunning ... the whole directory is wide open.  There's even an
Access database for resumes containing name and address information. 

-----Original Message-----
From: Saqib Ali [mailto:docbook.xml () gmail com] 
Sent: Tuesday, July 11, 2006 9:31 PM
To: webappsec () securityfocus com
Subject: Convenience or just bad design?

So Altiris.com website allows their customers to upload files to their
servers.  The filenames are based on the email address of the
customer.

The interesting part is that they make this upload directory web
accessible by FTP. So now not only you can access all the uploaded
files, you can also get the email addresses of the Altiris customers.
Some of the file are very interesting. They include actual unreleased
applications.
ftp://wise1:w1s3ftp () 209 104 132 121/wisesol/www/bugs/

Doesn't this go against their privacy policy?
http://www.altiris.com/company/legal/privacy.aspx

When will companies realize the importance of good secure design????

-- 
Saqib Ali, CISSP, ISSAP
Support http://www.full-disc-encryption.com

-------------------------------------------------------------------------
Sponsored by: Watchfire

Cross-Site Scripting (XSS) is one of the most common application-level 
attacks that hackers use to sneak into web applications today. This 
whitepaper will discuss how traditional CSS attacks are performed, how to 
secure your site against these attacks and check if your site is protected. 
Cross-Site Scripting Explained - Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmr
--------------------------------------------------------------------------


-------------------------------------------------------------------------
Sponsored by: Watchfire

Cross-Site Scripting (XSS) is one of the most common application-level 
attacks that hackers use to sneak into web applications today. This 
whitepaper will discuss how traditional CSS attacks are performed, how to 
secure your site against these attacks and check if your site is protected. 
Cross-Site Scripting Explained - Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmr
--------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]