Hi Ish,
At 20:37 13-04-2015, Ish Sookun wrote:
> From your screenshot I am to believe you got "write" access under
> the directory you were browsing. Is that right? If yes, it's
> serious. Exposing a sensitive infrastructure where one could
> deposit say a "malware" from the Internet is serious.
The Government Online Centre sent a reply yesterday.
I am not sure whether it would be possible to get write access on
www.ncb.mu or cert-mu.govmu.org. There isn't any privacy policy for
cert-mu.govmu.org [1]. That web site disclosed information which the
Mauritian National Computer Security Incident Response Team did not
publish before now. I might consider the information as sensitive
whereas cert-mu.govmu.org might consider that it is okay to publish
the information. A Computer Security Incident Response Team usually
reports an issue as serious if the issue is a serious one. There
isn't any announcement on cert-mu.govmu.org.
I reported the issue as an information disclosure to avoid
exaggerating the issue. Providing for anyone to host malware on
infrastructure which I run is, in my humble opinion, a serious issue.
Regards,
S. Moonesamy
1.
http://cert-mu.govmu.org/English/Pages/Disclaimer-Privacy-policy.aspx
Received on Tue Apr 14 2015 - 07:09:34 PST