Quote:
|
Originally Posted by fixed_truth
I agree that that the Labour Party might have a duty of care; but wont the investigation make clearer where/how much blame should be laid? I mean do we know that a company wasn't contracted to keep the website secure?
|
IT DOESNT FUCKING MATTER aka ALL of it is on Labour. Honestly have you worked in a company before?
They hired said company, they are responsible for what that company does for them under their direction, thats what IT does. If they "purposely" leaked/made it insecure/failed to do their job, then grats labour on making a shit choice on companies ... they are still responsible.
Fact are this could have ALL been avoided (or at minimum mitigated better) with a SIMPLE 2-4 grand penetration test from a number of independant companies, which is still Labours responsibility.
Stop trying to pass the buck off to someone else .... its their fuck up ... deal with it.
Quote:
|
Originally Posted by DrTiTus
Not sure this is 100% correct. "Options All" seems to be the default, which includes indexes. I don't think it's any less responsible to allow this to happen though - I'm in the habit of touch'ing index.php/htm to ensure the index option is largely irrelevant.
|
Checked on my fresh distro, "Options Indexes FollowSymLinks MultiViews" so your probably right.
However "How to secure apache" in google comes up with all the basic information that would have almost completely avoided this....... (but .. they should already know this or hired someone that did.)