[Owasp-singapore] [security-77] Follow-up from yesterday's meetup

Wong Onn Chee ocwong at usa.net
Fri Aug 14 23:33:53 EDT 2009


Aung Khant,

Thanks for your insight.
Acknowledge that all vendors want to advertise their products.
We do live in the real world. :-)

However, in this case Juniper can still advertise their product in the
following way, without disclosing too much info:

HTTP/1.x 200 OK
Date: Fri, 14 Aug 2009 10:38:03 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Concealed by Juniper Networks DX
Content-Encoding: deflate
Warning: 214  "Juniper Networks DX Active"
Vary: Accept-Encoding, User-Agent
Transfer-Encoding: chunked
Via: 1.1 dx2 (Juniper Networks Application Acceleration Platform - DX 5.2.6 0)
Set-Cookie: rl-sticky-key=c0a8089b; path=/;

It is one matter to advertise that "hey, there is a Juniper here",
but it is another matter to disclose too much info, such as the build
version.



On 08/15/2009 01:38 AM, Aung Khant wrote:
>
> WAF vendors know it. But they want to advertise their products.
> As far as I touch, almost all vendors advertise their products in any
> means.
>
>
>
> On Fri, Aug 14, 2009 at 5:23 PM, Wong Onn Chee <ocwong at usa.net
> <mailto:ocwong at usa.net>> wrote:
>
>     For those of you who were there in yesterday's meetup,
>
>     Besides the SG govt leak, I also shared how I spotted one of our
>     local transport companies did not do a clean job in securing their
>     web site information because they expose the WAF/Firewall that they
>     are using.
>
>     Here is the HTTP response for your reference:
>
>     HTTP/1.x 200 OK
>     Date: Fri, 14 Aug 2009 10:38:03 GMT
>     X-Powered-By: ASP.NET
>     X-AspNet-Version: 1.1.4322
>     Cache-Control: private
>     Content-Type: text/html; charset=utf-8
>     Server: Concealed by Juniper Networks DX
>     Content-Encoding: deflate
>     Warning: 214  "Juniper Networks DX Active"
>     Vary: Accept-Encoding, User-Agent
>     Transfer-Encoding: chunked
>     Via: 1.1 dx2 (Juniper Networks Application Acceleration Platform - DX 5.2.6 0)
>     Set-Cookie: rl-sticky-key=c0a8089b; path=/;
>
>     Yes, they have done something good by adding a Juniper WAF in
>     front of their web server, but is there really a need to tell the
>     entire world you are using Juniper Networks Application
>     Acceleration Platform - DX 5.2.6 0?
>     And that you are running ASP.Net version 1.1.4322 too?
>     Why change the Server to "Concealed" at all when everything else
>     is leaked?
>
>     *Lesson*: If you want to conceal, please conceal fully. Don't
>     conceal one thing and reveal another thing. IS pros should not be
>     playing peekaboo games....we don't work in Geylang.
>
>     Again, ostrich symptom in play here - thinking that there is
>     nothing more to be done after slapping a Juniper in front of your
>     web server.
>
>     Maybe we can run the first SG OWASP conference and call it
>     "Ostrich Conference"?
>     Any seconders? ;-)
>
>
>     Regards
>     Onn Chee
>
>
>
>
>     --
>     Please Note: If you hit "*REPLY*", your message will be sent to
>     *everyone* on this mailing list (security-77 at meetup.com
>     <mailto:security-77 at meetup.com>)
>     This message was sent by Wong Onn Chee (ocwong at usa.net
>     <mailto:ocwong at usa.net>) from The Singapore Security Meetup Group
>     <http://www.meetup.com/SGSecurityMG/>.
>     To learn more about Wong Onn Chee, visit his/her member profile
>     <http://www.meetup.com/SGSecurityMG/members/1756147/>
>     To unsubscribe or to update your mailing list settings, click here
>     <http://www.meetup.com/account/comm/>
>
>     Meetup Support: support at meetup.com <mailto:support at meetup.com>
>     632 Broadway, New York, NY 10012 USA
>
>
>
>
> -- 
> Best Regards
> YGN Ethical Hacker Group
> http://yehg.net
>
>
>
>
>
> --
> Please Note: If you hit "*REPLY*", your message will be sent to
> *everyone* on this mailing list (security-77 at meetup.com
> <mailto:security-77 at meetup.com>)
> This message was sent by Aung Khant (aungkhant at yehg.net) from The
> Singapore Security Meetup Group <http://www.meetup.com/SGSecurityMG/>.
> To learn more about Aung Khant, visit his/her member profile
> <http://www.meetup.com/SGSecurityMG/members/8456195/>
> To unsubscribe or to update your mailing list settings, click here
> <http://www.meetup.com/account/comm/>
>
> Meetup Support: support at meetup.com
> 632 Broadway, New York, NY 10012 USA 
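As an added example (not part of this thread, and not code from Juniper or any other vendor), the script below takes the response head quoted above, flags every header that names a product or a version, detects the "Server says concealed but everything else leaks" pattern the thread complains about, and prints what the same response looks like once it is concealed fully. The sample response is copied from the thread; the list of fingerprint headers, the version regex and the function names are my own assumptions for this example.

```python
import re
from typing import List, Tuple

Header = Tuple[str, str]

# Constructed sample: the response quoted in this thread (archive link residue
# removed, wrapped Via line rejoined). It is the only input this script ships with.
SAMPLE_RESPONSE = """HTTP/1.x 200 OK
Date: Fri, 14 Aug 2009 10:38:03 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Concealed by Juniper Networks DX
Content-Encoding: deflate
Warning: 214  "Juniper Networks DX Active"
Vary: Accept-Encoding, User-Agent
Transfer-Encoding: chunked
Via: 1.1 dx2 (Juniper Networks Application Acceleration Platform - DX 5.2.6 0)
Set-Cookie: rl-sticky-key=c0a8089b; path=/;
"""

# Headers that exist only to name the stack behind the site (assumed list for this example).
FINGERPRINT_HEADERS = {"server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version"}

# Dotted version strings such as 1.1.4322 or 5.2.6.
VERSION_RE = re.compile(r"\b\d+\.\d+(?:\.\d+)*\b")


def parse_headers(raw: str) -> List[Header]:
    """Split a raw response head into (name, value) pairs, keeping order and duplicates."""
    lines = raw.strip().splitlines()
    headers: List[Header] = []
    for line in lines[1:]:            # lines[0] is the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.append((name.strip(), value.strip()))
    return headers


def find_disclosures(headers: List[Header]) -> List[Tuple[str, str, str]]:
    """Return (name, value, reason) for every header that leaks a product or version."""
    findings = []
    for name, value in headers:
        lname = name.lower()
        if lname == "via":
            # Via is "protocol pseudonym (comment)". A pseudonym like dx2 is fine;
            # the optional comment is where vendors put product names and builds.
            comment = re.search(r"\((.*)\)", value)
            if comment:
                versions = VERSION_RE.findall(comment.group(1))
                reason = "proxy product in Via comment"
                if versions:
                    reason += ", version " + ", ".join(versions)
                findings.append((name, value, reason))
            continue
        if lname == "warning" and value.startswith("214"):
            # 214 "Transformation applied" is a proxy's header; here it carries a vendor banner.
            findings.append((name, value, "proxy banner in Warning 214 text"))
            continue
        versions = VERSION_RE.findall(value)
        if lname in FINGERPRINT_HEADERS:
            reason = ("product and version " + ", ".join(versions)) if versions else "product name"
            findings.append((name, value, reason))
        elif versions:
            # Heuristic: a dotted number in any other header is worth a look.
            findings.append((name, value, "version-like string " + ", ".join(versions)))
    return findings


def claims_concealment(headers: List[Header]) -> bool:
    """True when Server says 'concealed' while other headers still leak (the peekaboo case)."""
    server_values = [v for n, v in headers if n.lower() == "server"]
    other_leaks = [f for f in find_disclosures(headers) if f[0].lower() != "server"]
    return any("concealed" in v.lower() for v in server_values) and bool(other_leaks)


def conceal_fully(headers: List[Header]) -> List[Header]:
    """Drop or trim every header a browser does not need to render the page."""
    cleaned: List[Header] = []
    for name, value in headers:
        lname = name.lower()
        if lname in FINGERPRINT_HEADERS:
            continue                                      # no client needs these
        if lname == "warning" and value.startswith("214"):
            continue                                      # vendor "active" banner
        if lname == "via":
            value = re.sub(r"\s*\(.*\)\s*$", "", value)   # keep protocol + pseudonym, drop comment
        cleaned.append((name, value))
    return cleaned


def render(status_line: str, headers: List[Header]) -> str:
    """Serialise a status line and header list back into an HTTP response head."""
    return status_line + "\r\n" + "".join(f"{n}: {v}\r\n" for n, v in headers) + "\r\n"


if __name__ == "__main__":
    hdrs = parse_headers(SAMPLE_RESPONSE)
    for name, value, reason in find_disclosures(hdrs):
        print(f"LEAK  {name}: {value}  [{reason}]")
    if claims_concealment(hdrs):
        print("Server claims concealment but other headers still fingerprint the stack")
    print("\nHardened response head:\n" + render(SAMPLE_RESPONSE.splitlines()[0], conceal_fully(hdrs)))
```

Run against the quoted response, it reports five leaking headers (X-Powered-By, X-AspNet-Version, Server, Warning, Via) and the concealment mismatch, then prints a head that keeps only Date, Cache-Control, Content-Type, Content-Encoding, Vary, Transfer-Encoding, a bare "Via: 1.1 dx2" and the cookie. The Via comment and the Warning 214 banner come from the DX appliance in front of the server, so that is where they have to be switched off; X-Powered-By and X-AspNet-Version come from IIS/ASP.NET on the origin (in ASP.NET 2.0 and later, X-AspNet-Version is suppressed with `<httpRuntime enableVersionHeader="false" />` in web.config, and X-Powered-By is a custom header removable in the IIS configuration).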