[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Directory Listing (Apache) Bug Found on torproject.org

To: Ali Hasan Ghauri <alihasanghauri@xxxxxxxxxxx>, <tor-talk@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [tor-talk] Directory Listing (Apache) Bug Found on torproject.org
From: Andrew Lewman <andrew@xxxxxxxxxxxxx>
Date: Mon, 24 Jun 2013 21:20:04 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 24 Jun 2013 21:20:22 -0400
In-reply-to: <BAY161-W551CB075010F467F9879CCDE8A0@xxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Organization: The Tor Project, Inc.
References: <BAY161-W551CB075010F467F9879CCDE8A0@xxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On Mon, 24 Jun 2013 23:57:01 +0500
Ali Hasan Ghauri <alihasanghauri@xxxxxxxxxxx> wrote:

> It is Directory Listing (Apache) . An attacker can see the files
> located in the directory and could potentially access files which
> disclose sensitive information .

This is by design. The smarter attacker would just download the website
source in svn, https://svn.torproject.org/svn/website/trunk/.  Like any
smart company, we have no sensitive files on our websites.

> Many websites pay bug bounty to researcher who report the bug yo
> them . Can you ?

Thanks for the hint, but as these aren't bugs, nothing to report here.

In the future, please don't cross lists. Pick one and stick with it.
Thanks.

-- 
Andrew
http://tpo.is/contact
pgp 0x6B4D6475
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Directory Listing (Apache) Bug Found on torproject.org
  - From: Gregory Disney

Prev by Author: Re: [tor-talk] Until there's a REAL effing way to communicate, that evey1 can use, I'm DONE
Next by Author: Re: [tor-talk] Recommended method for updating an existing TBB
Previous by thread: [tor-talk] [Fwd: help setting up access points]
Next by thread: Re: [tor-talk] Directory Listing (Apache) Bug Found on torproject.org
Index(es):
- Author
- Thread