@kimos said:
> Interesting thread on Reddit: http://reddit.com/info/2tpxi/comments
> The Adobe server is down now, fortunately for them, but not before a whole list of passwords, config files, and various system information were pulled out and posted. All from a simple path injected in the URL.

I see no hint of anybody extracting passwords, nor would I expect them to - unix systems haven't stored passwords in /etc/passwd in years. Even if you did, you still have to break md5 to use them, and rainbowcrack is mostly useless against unix md5 hashes.

Furthermore, on any reasonably sane unix system, no information can be collected in this manner which is of any real threat. This is the sort of thing that makes managers wet themselves and sysadmins shrug. It would only be a problem in the movies; in the real world, it's pretty much harmless. Unix systems are designed to be accessed in this manner, with any random user being able to look at the public files, and remain secure.

> the real WTF is that a company that big isn't running their webservers in a Chroot jail

That really doesn't accomplish anything much. It's the sort of thing that people like to talk about on the web, but it's not much more meaningful than "remodulate the shield harmonics". chroots have their applications, but only in very rare circumstances do they add any security.