Certificates Are a Communication Tool
Which is easier to say?
As a company we:
- deployed firewalls on our laptops, servers, and network boundary
- deployed 2FA on our cloud services and remote access
- use good password standards and actively manage the use of passwords
- manage new team members joining and departing
- separate administrative roles from everyday roles
- use anti-malware techniques
- only use licensed and supported software
- apply security patches to systems within 14 days
Or simply: “We're Cyber Essentials certified.”
Certification is a communication tool.
...and still not a destination
Accents, Dialects and Fingerprinting Vulnerabilities
Some servers are like football supporters on a Saturday afternoon - advertising their presence. A Fulham shirt can narrow down where someone lives to a small part of West London. Similarly, when you connect to a website, the server neatly responds with the software name, version, and the features it supports.
But there is a more subtle way to identify where someone's from - to listen. In England, "there is an accent shift every 25 miles", according to David Crystal, the author of You Say Potato: The Story of English Accents. Geordie, Scouse, Yorkshire, Brummie, West Country, Essex, Cockney - to name a few. Not to mention the numerous colloquial names for a humble "bread roll".
With servers - there's a parallel in the protocols they speak. You see, network protocols aren't perfectly defined. As long as 90% is the same - that's good enough. The rest is left up to the developer. Need to start a counter at a 'random value'? How about starting with a zero... always?
Over time, as the protocols evolve - and backwards compatibility is required - some parts of a protocol are no longer used. If a computer doesn't need a particular field... leave it blank. But how? Fill it with 000 or FFF or " " - you choose.
These tiny details become a signature. An accent. And with effort, it's possible to spot the accent and know which application created the message. From there, it's a simple search to find the known vulnerabilities for that version.
Simply by listening, it's possible to spot that the old forgotten server hasn't been supported for 8 years... as one of our customers recently discovered.
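As an added example (not code from the original post), here is a small Python audit of what a web server volunteers about itself: it parses a constructed HTTP response, breaks each banner header into product tokens, and reports which names and versions are disclosed. The header list and both sample responses are assumptions made for the demo.

```python
import re

# Response headers that commonly carry product banners (list assumed for this example)
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")

# One RFC 7231 product token: name, optional "/version", optional "(comment)"
PRODUCT_RE = re.compile(r"([A-Za-z0-9!#$%&'*+.^_`|~-]+)(?:/([^\s(]+))?(?:\s*\(([^)]*)\))?")

def parse_headers(raw: str) -> dict:
    """Map lowercase header names to values from a raw HTTP response (CRLF or LF)."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:          # [0] is the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers

def products(banner: str) -> list:
    """Split 'Apache/2.2.15 (CentOS) PHP/5.3.3' into (name, version, comment) tuples."""
    return [m.groups() for m in PRODUCT_RE.finditer(banner)]

def audit(raw: str) -> list:
    """One finding per product named in a banner header; a version is the bigger leak."""
    headers = parse_headers(raw)
    findings = []
    for header in BANNER_HEADERS:
        for name, version, comment in products(headers.get(header, "")):
            findings.append({"header": header, "product": name, "version": version,
                             "comment": comment, "risk": "version" if version else "name"})
    return findings

def disclosed_versions(raw: str) -> list:
    """Sorted, de-duplicated 'product/version' strings the response gives away."""
    return sorted({f"{f['product']}/{f['version']}" for f in audit(raw) if f["version"]})

# Constructed sample responses for the demo (not captured from any real host)
LEAKY = ("HTTP/1.1 200 OK\r\n"
         "Server: Apache/2.2.15 (CentOS) OpenSSL/1.0.1e PHP/5.3.3\r\n"
         "X-Powered-By: PHP/5.3.3\r\n"
         "Content-Type: text/html\r\n\r\n<html></html>")
QUIET = ("HTTP/1.1 200 OK\r\n"
         "Server: Apache\r\n"
         "Content-Type: text/html\r\n\r\n<html></html>")

if __name__ == "__main__":
    for label, resp in (("leaky", LEAKY), ("quiet", QUIET)):
        print(label, disclosed_versions(resp) or "no versions disclosed")
```

Point it at your own server's response and the "version" findings are the ones to silence first; a bare product name is still an accent, but a far weaker one.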