
04/10/13

03/21/13

04:18:00 pm, by admin
Categories: Background

Interesting Google dork - inurl:/adfs/ls

So Microsoft Federated Services uses /adfs/ls in most of its paths to various types of pages like login/logout etc. for Single Sign-On. But there is one particular page with the path of /adfs/ls/idpinitiatedsignon.aspx? that's really interesting to me because it usually has a drop-down menu that gives you a list of applications or places to log in to. For one company, it was basically a list of its clients. For Microsoft, there was one that had all kinds of internal applications and stuff that I would classify as social engineering ammo. Most people figured out how to hide this page with a robots.txt file, but they aren't hiding the "/adfs/ls/", so I search on that path and when I find it, I try appending "idpinitiatedsignon.aspx?" to it and see if it resolves. I found some pretty interesting stuff without digging too hard. I don't know if it's me, but this info seems a little too sensitive to just hang out on the internet.

 Here is one for Medtronic.

https://federation.medtronic.com/adfs/ls/idpinitiatedsignon.aspx?

Here is a pic of one for Microsoft.

https://corp.sts.microsoft.com/adfs/ls/idpinitiatedsignon.aspx?
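
For anyone running one of these servers, a log check along the following lines shows who outside the network is actually being served the sign-on page, crawlers included. This is an added example, not code from the original post; it assumes the federation server writes IIS W3C extended logs with a `#Fields` header, and the internal ranges, function name and sample log lines are constructed for illustration.

```python
import ipaddress

SIGNON_PATH = "/adfs/ls/idpinitiatedsignon.aspx"

# Assumption: address ranges this organisation treats as internal.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2013-03-21 16:02:11 10.1.4.23 GET /adfs/ls/idpinitiatedsignon.aspx - 200 Mozilla/5.0
2013-03-21 16:05:40 203.0.113.7 GET /adfs/ls/ - 302 Mozilla/5.0
2013-03-21 16:05:41 203.0.113.7 GET /adfs/ls/IdpInitiatedSignOn.aspx - 200 Mozilla/5.0
2013-03-21 16:09:02 198.51.100.9 GET /adfs/ls/idpinitiatedsignon.aspx - 200 Googlebot/2.1
2013-03-21 16:10:15 198.51.100.44 POST /adfs/ls/ wa=wsignin1.0 200 Mozilla/5.0
"""


def external_signon_hits(log_text, internal_nets=INTERNAL_NETS):
    """Return (client_ip, user_agent) for each served sign-on page request
    that came from outside the internal ranges."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # IIS paths are case-insensitive, so compare in lower case.
        if row.get("cs-uri-stem", "").lower() != SIGNON_PATH:
            continue
        if row.get("sc-status") != "200":
            continue  # only count requests where the page was actually served
        try:
            ip = ipaddress.ip_address(row.get("c-ip", ""))
        except ValueError:
            continue  # malformed client address, skip the row
        if any(ip in net for net in internal_nets):
            continue
        hits.append((str(ip), row.get("cs(User-Agent)", "-")))
    return hits


if __name__ == "__main__":
    for ip, agent in external_signon_hits(SAMPLE_LOG):
        print(ip, agent)
```

A crawler user agent in the output means the page was fetched despite any robots.txt entry, since robots.txt only asks crawlers to stay away and does not restrict access.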

 

 

03/19/13

12:34:00 pm, by admin
Categories: Background

Brian Krebs got punkd.

http://www.ibtimes.co.uk/articles/447916/20130319/hacker-identified-journalist-sedning-swat-team-home.htm

This same thing happened to a good friend of mine.  Then recently, another friend of mine told me a similar story about a friend of his. Seems that anybody can call SWAT on anybody else these days and they don't vet shit before going off half-cocked.  This is an accident waiting to happen. If I opened my door to a gun in my face, I seriously do not know how I would react - especially if I thought my kid was in danger. I would love to see stats on how many times innocent people were taken down by these wannabe army guys.  I hope Krebs takes them down in the media and then sues the hell out of them.

 

03/18/13

10:12:00 am, by admin
Categories: Background

March MS Security Bulletin Cheat Sheet ready for download

The ISC Patch Tuesday chart with brief descriptions of each vulnerability and patch

02/06/13


Fear and loathing in corporate vulnerability management.
