19 comments

[ 2.4 ms ] story [ 32.6 ms ] thread
wtf - why is this in the public folder?
Because whoever did the deployment is incompetent.
And because it's currently fun to beat up on Musk and his companies...
We are simply marveling at the output of "hardcore coding" at its finest.
Need some hardcore sysadmin to with the code.
He really does beg for and insist on it.

There is nothing unreasonable at all in "beating up on Musk and his companies" after any of countless things he's said and done, and I don't mean the merely eccentric stuff like giving his kid a weird name.

Is he some coffee shop owner just minding his own business never said an offensive word to anyone and the world just decided "F this rando"?

No. So, that attempt was misplaced.

Eh, that was posted in another thread. It's really benign, and doesn't leak anything other than Tesla's website is a Drupal site... which was already known and easy to discover without the "leak".

I would not say these "leaks" are necessarily incompetence like some have been quick to assume. These "leaks" don't really leak anything at all... and it's possible their team reviewed the files and determined "who cares".

It's also pretty likely Tesla's staff has very little to do with the website, other than content. It's a Drupal site after all - some 3rd party might be in charge of hosting it, making this mistake theirs to own.

leaking info about your site / app is only benign until a motivated attacker finds and exploits it

aside from being a potential security risk, it is downright embarrassing and sloppy, especially for a multi-billion $ company with a leader who is super vocal about "hard-core coding"

musk fan or not that's pretty ironic

Well, nobody is "coding" a Drupal site. It's a CMS... and it's probably hosted by some 3rd party like these typically are.
so what? defacing their site and announcing fake news would still impact their stock price as shown re/twitter and Eli Lilly this month
There's nothing in these "leaks" that are even remotely exploitable...
that we know of, at this time, sure. something isn't exploitable until you find an exploit, and then it's exploitable. knowing file paths for key configs on disk can't possibly help that equation.
But like previously said, these are not secret paths. Everyone knows they are running a Drupal CMS, and those paths are baked into all Drupal sites.

Literally nothing learned from these "leaks" that wasn't already known.

Hilarious to me how much Hacker News wants to throw dirt on any company Elon Musk is associated with.
Hilarious to me how some people ignore the countless examples of him setting the tone and therefor demanding and insisting on it.