I was just so amused by the creativity of a system administrator that I had absolutely no choice other than to write about it. Let me set the scene. I was attempting to bring up my banks website, but the site did not load. In an effort to deduce the problem I visited wellsfargo.com (another large financial institution). The homepage of Wells Fargo loaded perfectly, and thus I wasn’t having any obvious problem with my internet connection.

So what did I find so amusing and funny? Well, it turns out that the Server tag returned in the HTTP Header for Wells Fargo is “KONICHIWA/1.0″ At this point, I probably should have enjoyed the laugh instead of investigating further. But I didn’t. First, I went to Netcraft and did a search for wellsfargo.com. Netcraft shows Wells Fargo as using “KONICHIWA/1.0″ at least as far back as 2006. It was now time to set my gut feeling aside that this name was just a cute obfuscation of the real Application Server and confirm that there wasn’t any new product on the market named Konichiwa. So, I did the research and it turns out my instincts were right.

So why am I writing about this, why are you reading this, and what Application Server is Wells Fargo actually using? I will now hopefully answer at least two of those three questions!

There is a long history of security professionals and system administrators attempting to obfuscate what equipment they use [disclaimer: I am a hypocrite and follow these practices]. The rationale for this is simple: If somebody wants to do something malicious to exploit your vulnerabilities it will harder to do so if they think you are using product A instead of product B. This is merely an illusion, but it gives some peace of mind. Solving the mystery wasn’t incredibly difficult thanks to Net-Square Solutions, a security research firm based in India. They have developed a product httprint which uses web server fingerprinting to attempt to identify web servers based on their characteristics instead of the standard HTTP header which as we have seen can easily be obfuscated and renamed to “Konichiwa” which loosely means good day in Japanese.

Enough “Geeking Out”. The output from httprint is below, and Wells Fargo is actually running Netscape Enterprise Server 6.0 which makes much more sense.

httprint v0.301 (beta) - web server fingerprinting tool
(c) 2003-2005 net-square solutions pvt. ltd. - see readme.txt
http://net-square.com/httprint/
httprint@net-square.com
 
Finger Printing on http://www.wellsfargo.com:80/
Host Redirected to https//www.wellsfargo.com:443/
Finger Printing Completed on https://www.wellsfargo.com:443/
--------------------------------------------------
Host: www.wellsfargo.com
Derived Signature:
KONICHIWA/1.0
9E431BC86ED3C295811C9DC5811C9DC5811C9DC594DF1BD04276E4BBC184CB92
7FC8D095AF7A648F2A200B4C811C9DC5811C9DC5811C9DC5811C9DC52655F350
FCCC535B811C9DC5FCCC535B811C9DC568D17AAE2576B7696ED3C2959E431BC8
6ED3C295E2CE6922811C9DC5811C9DC5811C9DC56ED3C2956ED3C295E2CE6923
E2CE6923FCCC535F811C9DC568D17AAEE2CE6920
 
Banner Reported: KONICHIWA/1.0
Banner Deduced: Netscape-Enterprise/6.0

The ticket industry is about to change and when it comes to ticket giant Ticketmaster there seems to be truth in the rumors I’ve been hearing over the past year and a half. First, the news came that Live Nation (one of the largest and most powerful promoters) would be severing there relationship with Ticketmaster at the end of 2008. Then noise this past January about Ticketmaster’s plans to acquire TicketsNow (one of the largest ticket brokers and player in the secondary ticket market). And now… Ticketmaster will apparently be $750 million dollars in debt when it is spun off from its parent company IAC.

The days of mystery launch dates are over! aticketrevolution.com is launching next week and zigabid.com is launching the last week of July.

After many years in hiatus, UCLA revitalizes the on campus Java User Group. The first meeting is August 7th. Though there is already a Los Angeles JUG, I am rather excited to spend lunch time at the university and mingle with up and coming talent.

For folks that are involved in IT Budgeting I’ve got to lend a little advice about purchasing SSL certificates. These days most websites require SSL functionality. When purchasing a certificate be sure to not purchase it for only a  single year. The pricing of SSL isn’t expensive in 2008, and the time required to install these certificates can be rather grandiose. Thus, make sure you at least purchase a two year certificate. One year flies by faster than you can imagine and the cost of installation is much greater than the cost of the certificate. Invest in your business, buy long term and thank me later.

Well its been a month since I’ve posted, so I figure I am due for an update. I’ve been rather busy at work preparing for a pending public public Beta launch. There is also a summer brianjeremy.com color set, however I haven’t found the spare time to implement the update. The next 90 days are packed full of business updates, conferences, meetings, traveling, and great music.