Deliberate obfuscation of environment information is a legitimate security
technique, but I have never seen this used on debug information. If nothing
else, you severely hamper your developers' ability to fix problems quickly and
effectively. The type of information in this error message, combined with the
fact that their sites have been throwing errors since inception, leads me to
believe that obfuscation is not being used here. Also, I've talked with
their web team before regarding various issues and the problem always ends
up being related to the error message that is thrown.

Steve


-----Original Message-----
From: Greg Creedon [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 12, 2000 11:55 AM
To: '[EMAIL PROTECTED]'
Subject: RE: You know what would be really cool?


I see! What a great idea. All of the tech staff and admins would have
their Allaire Secret Decoder Rings(tm), available in Personal or
Enterprise versions. Error says ODBC error? A quick flick of the dial and
it's actually a syntax error! Zounds! a misplaced > sign.

The future is so bright, I need shades!

Greg Creedon

On Wed, 12 Jul 2000, Bryan Batchelder wrote:

> Or they have deliberately misinformed you in the error message :-)  Not that
> the error is deliberate...but the information it is giving you could be
> deliberately wrong.
>
> I have done this in past systems I have worked on.....and set up most of my
> UNIX boxes to give wrong profiling information (including information in
> errors).
>
> Just a thought.  It's fun watching people try linux exploits on a solaris
> box...or vice versa - or making a linux box look like an NT box.
>
> --------------------------------------------
> Bryan D. Batchelder       Work: 813-935-7100
> Palm/Internet Developer   Home: 727-547-1322
> --------------------------------------------
> ConnectWise, Inc. (www.ConnectWise.com)
> 2803 West Busch Blvd, Suite 204
> Tampa, FL 33618
> --------------------------------------------
>
> -----Original Message-----
> From: Steve Bernard [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 12, 2000 11:03 AM
> To: [EMAIL PROTECTED]
> Subject: RE: You know what would be really cool?
>
>
> It is truly a sad state of affairs isn't it? This sort of thing has been
> happening on a regular basis since Allaire first started hosting a website.
> All three of their main components, Corporate, Forums, and Beta sites, have
> gone down or produced errors that really make them look bad. The two general
> types that I have seen the most, and that speak volumes about their
> infrastructure/administration in my opinion, are related to performance/load
> and database management. Ironically enough, these are two of the tenets of the
> Allaire Performance Tuning class, optimizing your code and your database.
> Another problem that this exposes is Allaire's attention to detail and
> security. You can learn a lot about a system by getting such error messages.
> It may seem innocent enough but from this error message you know:
>
> 1) Using IIS
> 2) .. therefore, using NT
> 3) Web root is on D:, separate from the system root
> 4) Exact path to the customtags directory
> 5) Template name
> 6) Exact line of offending code
> 7) 'CustomTagsV65' may indicate that they have multiple versions in one
>    tree. This may provide further opportunity if the system is breached.
> 8) Allaire doesn't monitor its servers effectively
> 9) Allaire doesn't seem to take its web presence seriously enough even
>    though the product it sells is made for developing high-end, robust,
>    data-driven, web sites (enough buzz words there?).
>
> All this provides is information, not vulnerabilities, but, it is a definite
> start in profiling the system, and all without having to send a single
> suspicious packet their way. Anyone who has spent time profiling systems
> will understand this. So if Allaire is this shoddy in protecting/maintaining
> their corporate site what's going on with the areas of the site that manage
> customer information?
>
> Steve
>
> p.s. I don't have anything against Allaire, I'm just calling it like I see
> it.
>
>
> > -----Original Message-----
> > From: Sean Renet [mailto:[EMAIL PROTECTED]]
> >
> > I think it would be really cool if you went to Allaire's website, searched
> > for something and didn't get this:
> >
> >       Error Diagnostic Information
> >       Error occurred in tag CFSEARCH
> >
> >       Collection failed to open: AllaireWeb6SiteSearch
> >
> >
> >       The error occurred while processing an element with a general
> > identifier of (CFSEARCH), occupying document position (28:1) to (31:57) in
> > the template file
> > D:\WWWROOT\ALLAIREWEB65\CUSTOMTAGSV65\ALLAIREWEB\SITESEARCH\SITESEARCH.CFM.
> >
> >
> >       Date/Time: 07/11/00 22:55:58
> >       Browser: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
> >       Remote Address: 63.203.119.82
> >       HTTP Referer: http://www.allaire.com/search/index.cfm
> >
> >
> >
> > How do these guys expect to have people buy into this language when their
> > own site is constantly breaking?
>
> ------------------------------------------------------------------------------
> Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
>
>
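
An added example, not part of the thread or any participant's post: a check a site owner could run over their own error responses to flag the classes of detail enumerated in the quoted list (absolute path, template, source position, engine tag), next to a handler that keeps the full diagnostic server-side so developers still have it. The rule names, `find_leaks`, `public_error` and the sample body (assembled from the error text quoted in the thread) are assumptions of this example; the Unix path pattern goes beyond the thread's Windows case.

```python
import re
import secrets

# Constructed sample: the diagnostic text quoted in the thread, as a response body.
SAMPLE_ERROR_PAGE = r"""Error Diagnostic Information
Error occurred in tag CFSEARCH
Collection failed to open: AllaireWeb6SiteSearch
The error occurred while processing an element with a general identifier
of (CFSEARCH), occupying document position (28:1) to (31:57) in the template file
D:\WWWROOT\ALLAIREWEB65\CUSTOMTAGSV65\ALLAIREWEB\SITESEARCH\SITESEARCH.CFM.
"""

# Hypothetical rule set: one pattern per class of detail a client should never see.
RULES = {
    "absolute_path": re.compile(r"(?:\b[A-Za-z]:\\|/(?:var|usr|home|opt|srv)/)[^\s<>\"']+"),
    "source_position": re.compile(r"\(\d+:\d+\)|\bline \d+\b", re.I),
    "engine_tag": re.compile(r"\bCF[A-Z]{2,}\b"),
    "diagnostic_banner": re.compile(r"Error Diagnostic Information", re.I),
}


def find_leaks(body):
    """Return {category: sorted unique matches} for disclosure found in a response body."""
    hits = {}
    for name, rx in RULES.items():
        # Trailing sentence punctuation is not part of a path or tag name.
        found = sorted({m.group(0).rstrip(".,;") for m in rx.finditer(body)})
        if found:
            hits[name] = found
    return hits


def public_error(detail, server_log):
    """Keep the full diagnostic server-side; give the client only a lookup ID."""
    ref = secrets.token_hex(4)       # lowercase hex, cannot match any rule above
    server_log[ref] = detail         # developers look the detail up by reference
    return f"Sorry, something went wrong with your request. Reference: {ref}"


if __name__ == "__main__":
    for category, values in find_leaks(SAMPLE_ERROR_PAGE).items():
        print(category, values)
    log = {}
    print(find_leaks(public_error(SAMPLE_ERROR_PAGE, log)))  # nothing flagged
```
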
