Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Convenience or just bad design?

from [Saqib Ali] Network Security [Permanent Link]
Subject: Convenience or just bad design?
Date: Tue, 11 Jul 2006 19:30:46 -0700 
So Altiris.com website allows their customers to upload files to their
servers.  The filenames are based on the email address of the
customer.

The interesting part is that they make this upload directory web
accessible by FTP. So now not only you can access all the uploaded
files, you can also get the email addresses of the Altiris customers.
Some of the file are very interesting. They include actual unreleased
applications.
ftp://wise1:w1s3ftp@209.104.132.121/wisesol/www/bugs/

Doesn't this go against their privacy policy?
http://www.altiris.com/company/legal/privacy.aspx

When will companies realize the importance of good secure design????

--
Saqib Ali, CISSP, ISSAP
Support http://www.full-disc-encryption.com

-------------------------------------------------------------------------
Sponsored by: Watchfire

Cross-Site Scripting (XSS) is one of the most common application-level attacks that hackers use to sneak into web applications today. This whitepaper will discuss how traditional CSS attacks are performed, how to secure your site against these attacks and check if your site is protected. Cross-Site Scripting Explained - Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmr
--------------------------------------------------------------------------

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Oracle SQL Injection, Mark Keegan
Next by Date:  Re: Oracle SQL Injection, Tim
Previous by Thread:  Oracle SQL Injection, Mark Keegan
Next by Thread:  RE: Convenience or just bad design?, Robert D. Holtz
Indexes:  [Date] [Thread] [Top] [All Lists]