[Gllug] how reliable is netcraft?

James Courtier-Dutton james.dutton at gmail.com
Mon Dec 5 14:15:15 UTC 2011

On 5 December 2011 11:16, John Levin <john at technolalia.org> wrote:
> hi all,
> As preparation for a job interview tomorrow, I checked my prospective
> employer's website against netcraft.com. The results indicate that they are
> running a very outdated version of their CMS. I am now wondering how to
> raise this in my interview.
> My first concern is that netcraft may not be entirely accurate. How much
> faith should I put in their results?

If you are aware of a specific vulnerability with that old version, do
not test the vulnerability itself.
When they ask you if you have any questions, and based on previous
conversations it seems appropriate, ask them in a non-confrontational
way. I.e. "I have noticed a possible problem with your web site, who
is the web site security contact I could talk to?"

I have discovered vulnerabilities in web sites and company
infrastructure. I am actually quite surprised how non-interested a lot
of companies are when you try to report the problem to them.
Most of my discoveries have been accidental. Now days I don't even
bother reporting them.
I think the most surprising one was Sky Broadband. I would have had to
call a premium rate phone number just to report the problem.
I think it is over one year now, and the vulnerability still exists so
obviously no one else has discovered it.
Gllug mailing list  -  Gllug at gllug.org.uk

More information about the GLLUG mailing list