[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] DSD accidentally leaks own infosec manual
By Michael Lee
November 15, 2011
The Australian Defence Signals Directorate (DSD) has inadvertently made
its 2012 Information Security Manual available to the public before
officially announcing it due to a misconfiguration of its web server.
The DSD has incorrectly configured its web server to allow any user to
view file listings of certain directories on its website, including the
2012 Information Security Manual, which was uploaded yesterday morning.
Generally, web servers only display a directory listing when no index
file is located in the same directory and the server has not been
configured to deny listings in its overall configuration or on a per
directory basis with .htaccess files. A blank file in the same directory
with the name index.htm could also have easily prevented the directory's
contents from being listed.
DSD's website states that the edition currently published online is the
August 2011 edition.
Subscribe to InfoSec News - www.infosecnews.org