
Thread: I can see the directory structure of CQ.

  1. #1
    Join Date
    Aug 2006
    Posts
    3,474

    I can see the directory structure of CQ.

    Y'all know this old URL is still exposed, right? And since it has no index file, the server helpfully displays the site's directory for all to see.

    There's a comment at the bottom telling how to fix it.

    Attachment: CQ404.png

  2. #2
    Join Date
    May 2008
    Location
    The Netherlands
    Posts
    15,344
    Thanks. It's been forwarded (yesterday, not just now). I'm not familiar with Django so I'm not sure if it actually exposes anything important, but at the very least it's a little embarrassing.
    ____________
    "Dumb all over, a little ugly on the side." -- Frank Zappa
    "Your right to hold an opinion is not being contested. Your expectation that it be taken seriously is." -- Jason Thompson
    "This is really very simple, but unfortunately it's very complicated." -- publius

    Moderator comments in this color | Get moderator attention using the lower left icon:
    Recommended reading: Forum Rules * Forum FAQs * Conspiracy Theory Advice * Alternate Theory Advocates Advice

  3. #3
    Join Date
    Aug 2006
    Posts
    3,474
    Quote Originally Posted by slang View Post
    Thanks. It's been forwarded (yesterday, not just now). I'm not familiar with Django so I'm not sure if it actually exposes anything important, but at the very least it's a little embarrassing.
    The general idea is that - while not explicitly exposing anything important - it is very useful to hackers, because they can infer a lot. They know exactly where the login logic and the user accounts are located - and the fact that it's in the default factory-settings location. And they can assume that little more than the most basic security measures have been implemented across the site - meaning most of their standard exploits will probably work. This makes CQ even more enticing, as it is low-hanging fruit - easy pickins'.

    The risk, of course, is not to CQ itself, but to its members, whose passwords are likely duplicated (or, again, can be deduced) on more sensitive sites that might hold financial data.

  4. #4
    Join Date
    Oct 2001
    Posts
    30,024
    Quote Originally Posted by DaveC426913 View Post
    The general idea is that - while not explicitly exposing anything important - it is very useful to hackers, because they can infer a lot. They know exactly where the login logic and the user accounts are located - and the fact that it's in the default factory-settings location. And they can assume that little more than the most basic security measures have been implemented across the site - meaning most of their standard exploits will probably work. This makes CQ even more enticing, as it is low-hanging fruit - easy pickins'.

    The risk, of course, is not to CQ itself, but to its members, whose passwords are likely duplicated (or, again, can be deduced) on more sensitive sites that might hold financial data.
    It seems to be worth mentioning that no one should be using the same password for both CosmoQuest and for their financial accounts. If you do and are reading this, go change your financial passwords now. (I myself don't always follow the advice to use a different password for everything, but if I do use the same password, it's for casual sites where I don't care all that much whether I get hacked or not.)
    Everything I need to know I learned through Googling.

  5. #5
    Join Date
    May 2008
    Location
    The Netherlands
    Posts
    15,344
    The build team is aware of this and has let us know Django is being phased out.

    Quote Originally Posted by DaveC426913 View Post
    The general idea is [...]
    Ok. We'll just pretend I asked for that.
