nCircle The Lens Blog: July 2007 Archives

July 23, 2007

Old Skool is Still Cool

If you ever find yourself wondering if simple directory traversal vulnerabilities are still relevant in this day and age, go read about Fox News. It's unfortunate that we don't know, and probably won't know, how long this condition was present. Was it an initial configuration issue or the result of some update or change?

It's also a reminder why continuous configuration and vulnerability assessments are really a requirement. This condition's presence on the public Internet for even a few minutes presents a significant opportunity for compromise.

*UPDATE*
Apparently, just to make it interesting, the access gained with that user/pass provided 1.5 million names, phone numbers and email addresses.

Posted by Tim Erlin on July 23, 2007 9:27 AM | | | | Comments (0) | TrackBacks (0)

Bio

Blog: The Lens
Author: Tim Erlin

Tim Erlin, CISSP, is a Principal Product Manager at nCircle, responsible for vulnerability management and configuration auditing. In his nearly 10 year tenure at nCircle, he has also held the positions of Senior Sales Engineer and QA Engineer. His career in information technology began with systems and network administration.


Search

   

Recent Posts

   

Archives

   

Categories

  • Blog
  • Information Security Market
  • Regulations and Compliance
  • Vulnerability Research