Re: [Full-disclosure] Google's robots.txt handling

2012-12-13 Thread Mario Vilas
That paragraph says pretty much the exact opposite of what you understood. Also, could we please stop refuting points nobody even made in the first place? OP never claimed this to be a vulnerability, nor ever said robots.txt is a proper security mechanism to hide files in public web directories.

Re: [Full-disclosure] Google's robots.txt handling

2012-12-13 Thread Lehman, Jim
Yes, I think you misunderstood or, more likely, I poorly worded the post. White listing is better than black listing. Black listing something you don't want googlebot to index just makes it easier for someone to find something you don't want indexed. If that content is sensitive, it probably

Re: [Full-disclosure] Nokia phone forcing traffic through proxy

2012-12-13 Thread Kim Henriksen
Opera has done this for quite some time now. They translate and compress the website into their own language called OBML: http://dev.opera.com/articles/view/opera-binary-markup-language/ On Fri, Dec 7, 2012 at 9:01 PM, Philip Whitehouse phi...@whiuk.com wrote: On 7 Dec 2012, at 19:03,

[Full-disclosure] 'portable-phpMyAdmin (WordPress Plugin)' Authentication Bypass (CVE-2012-5469)

2012-12-13 Thread Mark Stanislav
I. DESCRIPTION --- portable-phpMyAdmin doesn't verify an existing WordPress session (privileged or not) when accessing the plugin file path directly. Because of how this plugin works, a default installation will provide a full phpMyAdmin console with the

[Full-disclosure] Hacking Competition PHDAYS CTF Quals 2012 Starts On December 15

2012-12-13 Thread PHD
Let us remind you that PHDays CTF Quals starts on the 15th of December and will last for three days. 300 teams (http://quals.phdays.com/teams/leaders) from more than 30 different countries of the world have already registered. You still can join! The teams will try their hands at security

[Full-disclosure] nullsec-net-crypter.pdf

2012-12-13 Thread Levent Kayan
Hello, we just released a new paper, which discusses ideas of advanced runtime encryption of .NET executables. You can find the paper here: http://www.nullsecurity.net/papers.html Enjoy reading it. Cheers, noptrix -- Name: Levon 'noptrix' Kayan E-Mail: nopt...@nullsecurity.net GPG key:

Re: [Full-disclosure] Google's robots.txt handling

2012-12-13 Thread Philip Whitehouse
I restate my email's second point. Google is indexing robots.txt because (from all the examples I can see) robots.txt doesn't contain a line to disallow indexing of robots.txt. It is possible that some web sites provide actual content in a file that happens to be called robots.txt (e.g. a

Re: [Full-disclosure] Google's robots.txt handling

2012-12-13 Thread Jeffrey Walton
On Thu, Dec 13, 2012 at 7:52 AM, Philip Whitehouse phi...@whiuk.com wrote: I restate my email's second point. Google is indexing robots.txt because (from all the examples I can see) robots.txt doesn't contain a line to disallow indexing of robots.txt. It is possible that some web sites