Sharing is caring, perhaps – but when it comes to your website’s files and directories, it’s not a good idea, as Denuvo found out this week.
A few curious surfers discovered that Denuvo, which makes digital rights management (DRM) software to prevent video game piracy, hadn’t locked down all of its website’s directories from public view and prodding. That means the website’s private directories, and all the files in them, were open to anyone who wanted to snoop around.
This may not sound like a big deal, but it’s akin to handing over the casino blueprints to the crew of Ocean’s Eleven. The more an attacker knows about how your website is set up and where files are stored, the easier it is for them to find out where sensitive files are held and discover exactly what kind of software runs your website. That kind of detail makes it easier for an attacker to determine what kind of vulnerabilities your site’s software is likely to have, helping them to devise a focused – and likely more successful – attack.