Home > Blogs > There are no secrets...

People sometimes think that their security vunerabilities are 'secret'.  They act as if no hacker can sense just how vunerable they are.  This is foolish wishing

My friend, Sim Paul Simon, once challenged me to prove that our infrastructures betray us.  FOOL!

I whipped out my fav' tool of more than a decade, curl, and showed that his webservers were foolishly stating their type and version.  A quick trip to a search engine provided detailed weakness information on his webserver versions... and toolkits.

I then took him to a command prompt and showed him his computer's IP address.  His ISP had a history of security issues.  Oh well.

I then told him that every website learned more about his system than he knew!  I took him to iwebtool.com/tools (this site rocks!) and took him to Your Browser details.  User Agent gave the details on the browser, the OS, version info...  Hmmmm, how is it that hackers are able to tailor attacks, as you wildly click links without thinking?

We went to another site, crafted as Office docs converted to HTML.  NEATO!  There was the version of Office as well as the creator's Windows ID used to create the page! 

And speaking of Office files, we peered into several and their properties, each property revealing a real chain of inheritance, especially through the Template field.  Additionally, each format also has characteristic headers, thereby identifying which version was used to create the file.

You may sit at your computer thinking that your security vulnerabilities, your "Security Secrets", are safe from the scrutiny of hackers-for-hire.  Not so!  Each client tool you use, every data file you transfer or share, each network setting that your PC blasts across the Internet ether, all of these shout, "HACK ME!"--when you delay patching or upgrading to current versions of older, more vulnerable software. 

Wishing you the quickest updates possible,

jt

Comments

comments powered by Disqus