Network Security Web-App-Sec

Is netcraft publishing URL of your intranet sites?

Subject: Is netcraft publishing URL of your intranet sites?
Date: Tue, 13 Sep 2005 09:00:31 -0700
Hello All,

Seems like netcraft is publishing URLs of the "IntrAnet" sites on
their "Most Visited Web Sites" webpage. For example, see
http://toolbar.netcraft.com/stats/topsites?s=BC2835548233105D201D1B94E743#1440209

It has listed IBM's secure intranet site:
<https://w3esapp1.endicott.ibm.com> in the list, and also
<http://nindsplus.ninds.nih.gov>. Both of these are intranet sites. I
can list many others.

This provides attackers/hackers an easy way to collect hostnames of
your application servers that reside inside your firewall.

This goes against Netcraft's policy of collecting information
about IntrAnet sites and publishing it on the internet. See "Will
Netcraft know which pages I visit?" @
http://toolbar.netcraft.com/help/faq/index.html#riskrating

Verify that your intranet sites are not listed on this website. If
they are, contact Netcraft and complain.

P.S. This information is collected by netcraft's anti-phishing
toolbar. This is a good example of how a seemingly harmless browser
plugin can cause security issues.

-- 
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
Consensus is good, but informed dictatorship is better.
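
One way to run the check the message above recommends, as an added example that is not part of the original post: it scans a saved copy of a public listing for hostnames that belong to your internal DNS zones or are private IP literals. The zone names, function names and sample listing are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: DNS zones used only inside your network (replace with your own).
INTERNAL_ZONES = ("corp.example.com", "intranet.example.org")

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def hosts_in(text):
    """Return the set of lower-cased hostnames found in URLs within text."""
    hosts = set()
    for url in URL_RE.findall(text):
        host = urlsplit(url).hostname
        if host:
            hosts.add(host.rstrip(".").lower())
    return hosts


def is_internal(host, zones=INTERNAL_ZONES):
    """True if host is a private/loopback IP literal or sits in an internal zone."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        pass  # not an IP literal, fall through to the zone check
    # Match on label boundaries so "notcorp.example.com" does not match "corp.example.com".
    return any(host == z or host.endswith("." + z) for z in zones)


def exposed_hosts(listing_text, zones=INTERNAL_ZONES):
    """Sorted internal hostnames that appear in a saved copy of a public listing."""
    return sorted(h for h in hosts_in(listing_text) if is_internal(h, zones))


# Constructed sample standing in for a saved copy of a public "top sites" page.
SAMPLE_LISTING = """
1 http://www.example.net/
2 https://hr.corp.example.com/login
3 http://notcorp.example.com/
4 http://10.1.2.3:8080/status
5 https://WIKI.intranet.example.org./
"""

if __name__ == "__main__":
    for host in exposed_hosts(SAMPLE_LISTING):
        print("internal host listed publicly:", host)
```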
