I also checked the general security of these websites by using a free tool offered by Qualys, at. The websites visited for this task included, , and. I moved on to the “free” public information services. While sifting through browser results and social media, I found a few newspaper articles and similar name matches, but nothing exact to what I needed. I decided to use the simplest of tools, Google’s Chrome web browser. Public records, like housing and marriage licenses, are a great start. Join me on my journey to making a reconnection and catching up from the time lost by using some website know-how, free tools and a smidge of effort. As previously mentioned, everything is tracked. It appeared that my friend was not on ANY social media and may have moved far away from our extremely small hometown.
I was curious if I could take on this challenge on my own with the knowledge that I've gained in recent years. Our scenario started with a childhood friend disappearing from my life around my sophomore year of college and I wanted to reconnect. These resources now require some type of paywall prior to accessing the data. In that time, the resources that I will reference had plenty of time to resolve their security flaws and no longer seem to disclose information using the examples provided. Before I begin, please note that the research for this article was conducted over a year ago. The methods used are similar to a recent example that is brought to us by the Missouri government and their disclosure of social security numbers. In this article, I will share with you how easy it can be to find someone’s phone number online using a website with security flaws. With all of this in mind, web applications can still be released in an insecure manner and disclose our personal information. Such regular testing can lead to the visibility of critical flaws in a public-facing infrastructure and allow security teams to make a more secure environment. This type of testing helps to ensure that the security of externally facing applications, whether custom developed or Commercial Off The Shelf (COTS), is reviewed periodically and supported by a secure SDLC.
I have coordinated several independent third-party web application penetration tests over the last ten plus years working in IT Security. Therefore, the OWASP Top 10 has grown to be an industry standard that should be used as a default baseline for all internet-based applications. OWASP provides free and open-source materials along with international and unbiased information regarding the security of web applications.
Security of websites and web applications found in your everyday Software as a Service (SaaS) solutions can be measured through a secure Software Development Life Cycle (SDLC), code reviews and compliance with the Open Web Application Security Project (OWASP). Of course, if a data breach with your information does occur, you will likely find out when the general public is made aware, and you are typically only provided a coupon for future services and credit monitoring for a year or two. Default tracking settings for mobile, smart devices or the Internet of Things (IoT) are conveniently turned on by the manufacturer or service provider and device users are none the wiser. All we need to do is dig a little deeper to find more information that may be public, or private for that matter.
Our personal information is out there if you know where and how to look for it. The internet offers a plethora of information about you and everyone else, whether we like it or not.
Keith’s primary focus is on ISO 27001 compliance and team analytics, but he also manages vulnerability, policy, penetration testing and client audit review programs, just to name a few. By Keith Bruce, CISSP and IT Security Compliance Analyst.