nCircle The Lens Blog

Old Skool is Still Cool

If you ever find yourself wondering if simple directory traversal vulnerabilities are still relevant in this day and age, go read about Fox News. It's unfortunate that we don't know, and probably won't know, how long this condition was present. Was it an initial configuration issue or the result of some update or change?

It's also a reminder of why continuous configuration and vulnerability assessments are really a requirement. This condition's presence on the public Internet for even a few minutes presents a significant opportunity for compromise.

*UPDATE*
Apparently, just to make it interesting, the access gained with that user/pass provided 1.5 million names, phone numbers and email addresses.



About

This page contains a single entry from the blog posted on July 23, 2007 9:27 AM.




Bio

Blog: The Lens
Author: Tim Erlin

Tim Erlin, CISSP, is a Principal Product Manager at nCircle, responsible for vulnerability management and configuration auditing. In his nearly 10-year tenure at nCircle, he has also held the positions of Senior Sales Engineer and QA Engineer. His career in information technology began with systems and network administration.


   



