[3527] in WWW Security List Archive
Re: Alta Vista may or may not harvest unadvertised document
daemon@ATHENA.MIT.EDU (Leonard H. Smith)
Wed Nov 13 12:51:09 1996
From: "Leonard H. Smith" <lensmith@mta-usa.org>
To: Prentiss Riddle <riddle@is.rice.edu>, "David W. Morris" <dwm@xpasc.com>
Date: Wed, 13 Nov 1996 06:04:29 -800
Reply-to: lensmith@mta-usa.org
CC: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
>
>
> On Mon, 11 Nov 1996, Prentiss Riddle wrote:
>
> > Regardless of whether the Alta Vista harvester is this aggressive,
> > other harvesters (or individual human users) might be, so the
> > prudent thing is never to put files in a world-readable web tree
> > that you can't afford for the world to see.
> True, but almost all of the risk is eliminated if you provide the
> index.html
I had a similar problem with LYCOS. Their worm went out and acquired
the host, but Domain Name Service on the provider was ALL indexed to
the SAME IP address... The only thing that changed was the 1st
branch off of the root. The result was that ALL of the DNS entries
on the host could come up with my site with my account name as the
FIRST BRANCH of ALL of the other DNS entries on the server (X-rated
... you name it).
You'd think the worm would check for this possibility. (Nahh).
()-()-()-()-()-()-()-()-()-()-()-()-()-()-()
Market Technicians Association
http://www.mta-usa.org/~lensmith/
International Federation of Technical Analysts
http://www.ifta.org/~ifta/
()-()-()-()-()-()-()-()-()-()-()-()-()-()-()
