Sunday, November 25, 2012
Labels: error handling, internet blueprint, secure code practices
Error Handling: Another Surface Attack Area to Minimize
Posted by Aggregate Obscurity at 4:42 PM
Friends of mine know that I'm a huge Lifehacker.com fan, and I was reading a recent article discussing how, even though there's ample support for allowing people to rip their own DVDs to multiple devices, the U.S. Copyright Office still considers it illegal. On a quick side note, the legal term for this activity is "space shifting."
Anyway, in the post there's a reference to the Internet Blueprint, a site which is apparently dedicated to discussions and petitions of opinion on how the Internet should be governed. Interested, I clicked on the link to see what was on this "Internet Blueprint" and, upon the page loading, what do I see? This:
One secure coding practice is to take care with your error handling so that, for those who "fuzz" the web application, any error output is so general that a hacker has a harder time making sense of what's running. From this error, however, I can clearly see that it's running on WordPress. I can also see the directory structure, which adds to a hacker's "fingerprinting" of this system.
I thought it was interesting and decided I'd share the thought.
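A check for this kind of leak in your own site's responses, as an added example that is not part of the original post: it scans a response body for messages in PHP's standard error format and reports the file path each one exposes and whether that path identifies WordPress. The sample pages, paths and the function name `find_error_leaks` are constructed for illustration and are not the error seen on the Internet Blueprint page.

```python
import html
import re

# PHP's standard error format: "<Level>: <message> in <file> on line <N>"
PHP_ERROR = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated):\s+"
    r"(?P<message>.+?) in (?P<path>(?:/|[A-Za-z]:\\)\S+?) on line (?P<line>\d+)"
)
TAGS = re.compile(r"<[^>]+>")
# Directory names that identify a WordPress install when they appear in a path.
WP_DIRS = ("wp-content", "wp-includes", "wp-admin")

# Constructed sample: a verbose PHP warning as rendered with HTML error markup.
VERBOSE_PAGE = (
    "<br />\n<b>Warning</b>:  require_once(lib/missing.php): failed to open "
    "stream: No such file or directory in "
    "<b>/home/example/public_html/wp-content/themes/sample/functions.php</b> "
    "on line <b>42</b><br />\n"
)
# Constructed sample: a generic error page that discloses nothing.
GENERIC_PAGE = "<h1>Something went wrong</h1><p>Please try again later.</p>"


def find_error_leaks(body):
    """Return one finding per PHP error message exposed in a response body."""
    # Strip the <b>...</b> wrappers PHP adds, then decode HTML entities.
    text = html.unescape(TAGS.sub("", body))
    findings = []
    for m in PHP_ERROR.finditer(text):
        path = m.group("path")
        findings.append({
            "level": m.group("level"),
            "path": path,  # discloses the server's directory structure
            "line": int(m.group("line")),
            "reveals_wordpress": any(d in path for d in WP_DIRS),
        })
    return findings


if __name__ == "__main__":
    for name, page in (("verbose", VERBOSE_PAGE), ("generic", GENERIC_PAGE)):
        print(name, find_error_leaks(page))
```

On a WordPress site, whether such messages reach visitors is governed by PHP's `display_errors` setting and WordPress's `WP_DEBUG_DISPLAY` constant; errors can still be written to a server-side log while the page shows only a generic message.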