Sometimes finding all the web applications in an organisation can be the difficult part in trying to assess what risks exist.
Transport for London don't just have web sites and, I suspect, an intranet. They have been gradually moving from whiteboards for live underground travel news at tube stations:
And now have electronic versions:
I don't know what technology is being used here, but other information boards have been seen to display web browser error messages leaking network information:
But, what about elsewhere? I saw this on the live electronic advertisement boards at Bond Street station this weekend:
Sorry it's a bit blurred, but I was going up the escalator at the time. Several, but not all the displays had their system names shown rather than an advertisement. It certainly looks like an IP address, but is there a web application inside? I've previously highlighted other information systems and displays that seem to be IP-enabled.
An investigation of your network, examining what is listening on which ports, and correlating this with the actual network traffic, might reveal more web applications than you thought.
Posted on: 25 October 2009 at 18:46 hrs