Fox News Forgets About Directory Security
David Utter Staff Writer
2007-07-23
Most webmasters prefer not to allow visitors to browse their directory structures, but somebody on the Fox News online staff forgot this step.
Netcraft tells us the Fox News website runs on Apache, sitting on a Linux box.
The more information one can find out about a web server, the greater the chance to take advantage of unpatched or new vulnerabilities on the platform.
It's surprising that Fox News would allow itself to display such information, but they did that and more. A submission on Reddit, a social media site owned by Conde Nast, revealed Fox News had left their root images folder open for browsing.
Scrolling to the bottom of that page, we found the exact version of Apache and the Linux distribution Fox News uses. Other Reddit users found more evidence of the sloppiness of Fox News webmasters.
One link they discovered leads to an old SQLnet.log file, showing connection errors that happened when trying to reach an Oracle database. Another person found a different unsecured directory on Fox News, complete with a shell script containing a login/password combo for an FTP server (it appears the password has been changed).
This should serve as a cautionary note to webmasters. It's easy to neglect something as small as an entry in httpd.conf, and I'm inclined to think someone made a change to an older copy of that at Fox News and copied it up to the production server without realizing directory browsing was still enabled in the older httpd.conf file.
This should be a fun morning for someone in the IT department when the brass starts asking what's going on with the Fox News website.
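A pre-deployment check for the mistake described above, as an added example that is not part of the original article: it scans an httpd.conf for Options lines that turn on directory listings and for ServerSignature/ServerTokens values that expose the server version. The function name and the sample configuration are constructed for illustration, and the check looks at each directive on its own line rather than modelling how Apache merges sections.

```python
import re

# Constructed sample, not the real Fox News configuration.
SAMPLE_CONF = """\
ServerTokens Full
ServerSignature On
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
<Directory "/var/www/html/private">
    Options -Indexes
</Directory>
"""

def audit_httpd_conf(text):
    """Return (line_no, scope, message) for each directive that exposes
    directory listings or the server version. Hypothetical helper."""
    findings, scope = [], []   # scope: stack of open <Section ...> blocks
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # blank line or comment
            continue
        sect = re.match(r"<(/?)(\w+)\s*(.*?)>$", line)
        if sect:
            if sect.group(1):                  # closing tag, e.g. </Directory>
                if scope:
                    scope.pop()
            else:                              # opening tag with its argument
                scope.append(f"{sect.group(2)} {sect.group(3)}".strip())
            continue
        name, *args = line.lower().split()     # directives are case-insensitive
        where = scope[-1] if scope else "server config"
        if name == "options":
            # "All" includes Indexes; "-Indexes" on the same line removes it.
            on = {"indexes", "+indexes", "all", "+all"} & set(args)
            if on and "-indexes" not in args:
                findings.append((no, where, "directory listing enabled"))
        elif name == "serversignature" and args[:1] != ["off"]:
            findings.append((no, where, "version footer on generated pages"))
        elif name == "servertokens" and args[:1] not in (["prod"], ["productonly"]):
            findings.append((no, where, "detailed Server header"))
    return findings

if __name__ == "__main__":
    for no, where, msg in audit_httpd_conf(SAMPLE_CONF):
        print(f"line {no} [{where}]: {msg}")
```

Running a check like this against the file that is about to be copied to production would flag an older httpd.conf that still has browsing enabled before it goes live.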
Tags: Fox News, Apache, Computer, Security
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.