Fresh Thoughts #13: Communicating With Certifications & Fingerprinting Vulnerabilities


Certificates Are a Communication Tool

Which is easier to say?

As a company we:

  • deployed firewalls on our laptops, servers, and network boundary
  • deployed 2FA on our cloud services and remote access
  • use good password standards and actively manage the use of passwords
  • manage new team members joining and departing
  • separate administrative roles from everyday roles
  • use anti-malware techniques
  • only use licensed and supported software
  • apply security patches to systems within 14 days

Or:

“We're Cyber Essentials certified.”

Certification is a communication tool.

...and still not a destination

Accents, Dialects and Fingerprinting Vulnerabilities

Some servers are like football supporters on a Saturday afternoon - advertising their presence. A Fulham shirt can narrow down where someone lives to a small part of West London. Similarly, when you connect to a website, the server neatly responds with the software name, version, and the features it supports.

But there is a more subtle way to identify where someone's from - to listen. In England, "there is an accent shift every 25 miles", according to David Crystal, the author of You Say Potato: The Story of English Accents. Geordie, Scouse, Yorkshire, Brummie, West Country, Essex, Cockney - to name a few. Not to mention the numerous colloquial names for a humble "bread roll".

With servers - there's a parallel in the protocols they speak. You see, network protocols aren't perfectly defined. As long as 90% is the same - that's good enough. This means there are parts left up to the developer. Need to start a counter at a 'random value'? How about starting with a zero... always?

Over time, as the protocols evolve - and backwards compatibility is required - there are aspects of protocols that are no longer used. If a computer doesn't need to use a particular field… leave it blank. But how? Fill it with 000 or FFF or "   " - you choose.

These tiny details become a signature. An accent. And with effort, it's possible to spot the accent and know which application created the message. From there, it's a simple search to find the vulnerabilities.

Simply by listening, it's possible to spot that the old forgotten server hasn't been supported for 8 years... as one of our customers recently discovered.
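To make the "accent" idea concrete for an asset inventory, here is an added example (not from the original newsletter) that reads the implementation-chosen details out of an IPv4/TCP header and reports where a host no longer matches its recorded baseline. The choice of TCP/IP as the protocol, the names `accent`, `drift`, `sample`, `STACK_A` and `STACK_B`, and the two packets are assumptions constructed for illustration.

```python
import struct

def accent(packet: bytes) -> dict:
    """Collect the implementation-chosen details of one IPv4/TCP packet."""
    if len(packet) < 20:
        raise ValueError("truncated IP header")
    ver_ihl, _, _, ip_id, frag, ttl, proto = struct.unpack("!BBHHHBB", packet[:10])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not IPv4/TCP")
    tcp = packet[(ver_ihl & 0x0F) * 4:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    off_flags, window = struct.unpack("!HH", tcp[12:16])
    raw, kinds, i = tcp[20:(off_flags >> 12) * 4], [], 0
    while i < len(raw):                      # walk the TCP option list
        kind = raw[i]
        kinds.append(kind)
        if kind == 0:                        # end-of-options marker
            break
        if kind == 1:                        # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2:
            raise ValueError("malformed TCP option")
        i += raw[i + 1]
    return {
        "initial_ttl": next(t for t in (32, 64, 128, 255) if ttl <= t),
        "ip_id_zero": ip_id == 0,            # the counter that always starts at zero
        "df": bool(frag & 0x4000),
        "window": window,
        "reserved": (off_flags >> 8) & 0x0F,  # how the unused bits are filled
        "options": tuple(kinds),             # order of options is a developer choice
    }

def drift(baseline: dict, observed: dict) -> list:
    """Fields where a host no longer matches its inventory record."""
    return sorted(k for k in baseline if baseline[k] != observed.get(k))

def sample(ttl, ip_id, df, window, options: bytes) -> bytes:
    """Constructed SYN-ACK for the demo (checksums zero, documentation IPs)."""
    tcp = struct.pack("!HHIIHHHH", 443, 50000, 1, 2,
                      ((20 + len(options)) // 4 << 12) | 0x012, window, 0, 0) + options
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), ip_id,
                       0x4000 if df else 0, ttl, 6, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])) + tcp
# Two constructed packets standing in for two different network stacks.
STACK_A = sample(57, 0, True, 29200, bytes.fromhex("020405b40101040201030307"))
STACK_B = sample(120, 0x1A2B, False, 8192, bytes.fromhex("020405b4"))
if __name__ == "__main__":
    print(accent(STACK_A), accent(STACK_B), drift(accent(STACK_A), accent(STACK_B)), sep="\n")
```

A host whose observed accent drifts from the one recorded for it in the inventory is worth a closer look: it may be a replaced, rebuilt or forgotten machine.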

May 3, 2022