--- /dev/null
+0400,000 Websites Vulnerable Through Exposed .git Directories (scmagazine.com) null/SLASHDOT/0102639752 70\r
+i Thursday September 06, 2018 @11:30PM (msmash)\r
+i from the security-woes dept.\r
+i\r
+i Open .git directories are a bigger cybersecurity problem than\r
+i many might imagine, at least according to a Czech security\r
+i researcher who discovered almost 400,000 web pages with an\r
+i open .git directory possibly exposing a wide variety of data.\r
+i From a report: Vladimir Smitka began his .git directory\r
+i odyssey in July when he began looking at Czech websites to\r
+i find how many were improperly configured and allow access to\r
+i their .git folders within the file versions repository. Open\r
+i .git directories are a particularly dangerous issue, he said,\r
+i because they can contain a great deal of sensitive\r
+i information. "Information about the website's structure, and\r
+i sometimes you can get very sensitive data such as database\r
+i passwords, API keys, development IDE settings, and so on.\r
+i However, this data shouldn't be stored in the repository, but\r
+i in previous scans of various security issues, I have found\r
+i many developers that do not follow these best practices,"\r
+i Smitka wrote. Smitka queried 230 million websites to discover\r
+i the 390,000 allowing access to their .git directories. The\r
+i vast majority of the websites with open directories had a .com\r
+i TLD with .net, .de, .org and uk comprising most of the others.\r
+i\r
git://git.nikiroo.be / gofetch.git / blobdiff