Sunday, November 25, 2012

Error Handling: Another Surface Attack Area to Minimize

Friends of mine know that I'm a huge fan, and I was reading a recent article discussing how, even though there's ample support for allowing people to rip their own DVDs to multiple devices, the U.S. Copyright Office still considers it illegal. On a quick side note, the legal term for this activity is "space shifting."

Anyway, the post references the Internet Blueprint, a site apparently dedicated to discussions and petitions on how the Internet should be governed. Interested, I clicked on the link to see what was on this "Internet Blueprint," and once the page loaded, what do I see? This:

One practice of secure coding is taking care of your error handling, so that when someone "fuzzes" the web application, any error output is general enough that a hacker has a harder time making sense of what's running. From this error, however, I can clearly see that the site is running on WordPress. I can also see the directory structure, which adds to a hacker's "fingerprinting" of this system.
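One way to check your own pages for this kind of leak, as an added example that is not part of the original post: the function below scans a response body for PHP's default error-message format and reports the exposed file path and whether it reveals a WordPress install. The function name, sample responses and paths are constructed for illustration.

```python
import html
import re

# PHP's default error line, with or without html_errors markup:
#   <b>Warning</b>:  message in <b>/path/file.php</b> on line <b>12</b><br />
PHP_ERROR = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated)\s*:\s+"
    r"(?P<message>.*?)\s+in\s+(?P<path>(?:/|[A-Za-z]:\\)\S+?\.php)"
    r"\s+on\s+line\s+(?P<line>\d+)",
    re.S,
)
TAGS = re.compile(r"<[^>]+>")
WP_DIRS = ("wp-content", "wp-includes", "wp-admin")

# Constructed sample responses (not taken from any real site).
SAMPLE_LEAKY = (
    "<html><body><br />\n"
    "<b>Warning</b>:  include(missing.php): failed to open stream: "
    "No such file or directory in "
    "<b>/var/www/example/wp-content/themes/demo/functions.php</b> "
    "on line <b>42</b><br />\n</body></html>"
)
SAMPLE_GENERIC = "<html><body><h1>Something went wrong.</h1></body></html>"


def find_error_leaks(body):
    """Return one finding per PHP error message exposed in a response body."""
    text = html.unescape(TAGS.sub("", body))
    findings = []
    for m in PHP_ERROR.finditer(text):
        parts = re.split(r"[\\/]", m["path"])
        wp_dir = next((p for p in parts if p in WP_DIRS), None)
        # Everything above the WordPress directory is the server's install path.
        root = "/".join(parts[: parts.index(wp_dir)]) if wp_dir else None
        findings.append({
            "level": m["level"],
            "path": m["path"],
            "line": int(m["line"]),
            "wordpress": wp_dir is not None,
            "install_root": root,
        })
    return findings


if __name__ == "__main__":
    for name, body in (("leaky", SAMPLE_LEAKY), ("generic", SAMPLE_GENERIC)):
        print(name, find_error_leaks(body))
```

A page that passes this check returns an empty list; the details of the failure belong in a server-side log rather than in the response.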

I thought it was interesting and decided I'd share the thought.