Seth,

AMAZING WORK.

Email me or call me directly (see my calbar.org entry for my contact details). I want to get your discovery more widely distributed.

Cyrus Sanai

Great work, Seth. (I followed over from Lessig.) I've shared this with Solosez. I hope this gets wider traction (including the cautionary note about prematurely jumping to conclusions regarding his character).

Thanks for digging into this. I wondered if it was a matter of directory indexes being turned on without Kozinski knowing the implications of that decision.

In his latest blog post, Lawrence Lessig mentions that his own server is immune to directory browsing.

He's wrong:

http://lessig.org/images/

Rogers: good find. In fact, here are other open directories:

http://lessig.org/images/_notes/
http://lessig.org/news/2008/
http://lessig.org/news/2007/
http://lessig.org/news/2006/
http://lessig.org/news/2005/
http://lessig.org/news/2004/
http://lessig.org/news/2003/
http://lessig.org/news/2002/
http://lessig.org/news/2001/

There might be others but I'm going to stop there. However, here's what's so funny. If you try this URL,

http://lessig.org/news/2000/

his web server will note that it doesn't exist---but will list many of the above directories as *suggestions* for what you might have meant to type!

Clearly, none of these directories contains private content. In fact, I'm fairly sure that all of the content in the news directories is linked to on the site itself. But it does point out the promiscuity of a web server whose default behavior has not been changed from its default.