1 0400,000 Websites Vulnerable Through Exposed .git Directories (scmagazine.com) null/SLASHDOT/0102639752 70
2 i Thursday September 06, 2018 @11:30PM (msmash)
3 i from the security-woes dept.
5 i Open .git directories are a bigger cybersecurity problem than
6 i many might imagine, at least according to a Czech security
7 i researcher who discovered almost 400,000 web pages with an
8 i open .git directory possibly exposing a wide variety of data.
9 i From a report: Vladimir Smitka began his .git directory
10 i odyssey in July when he began looking at Czech websites to
11 i find how many were improperly configured and allow access to
12 i their .git folders within the file versions repository. Open
13 i .git directories are a particularly dangerous issue, he said,
14 i because they can contain a great deal of sensitive
15 i information. "Information about the website's structure, and
16 i sometimes you can get very sensitive data such as database
17 i passwords, API keys, development IDE settings, and so on.
18 i However, this data shouldn't be stored in the repository, but
19 i in previous scans of various security issues, I have found
20 i many developers that do not follow these best practices,"
21 i Smitka wrote. Smitka queried 230 million websites to discover
22 i the 390,000 allowing access to their .git directories. The
23 i vast majority of the websites with open directories had a .com
24 i TLD with .net, .de, .org and uk comprising most of the others.
git://git.nikiroo.be / gofetch.git / blob