The Perception of Security
- Andrew Gilhooley
- 12 hours ago

You're secure, right? Passing your vulnerability scans? Pen tester got nothing to say?
You have no vulnerabilities that can be detected externally. You're secure.
Congratulations! You just won the internet.
So, this stops the bad guys having a go? Of course not.
They have almost unlimited time to mess with you.
Here it is important to split the bad guys into some groups:
1) APT. Advanced Persistent Threat. Usually acting on behalf of a nation state, these are your proper baddies.
2) Black Hattery. Folks with something to prove or trying to sell your information to criminal organisations.
3) Script Kiddies. Doing it for the fun. This is the background noise.
So how to deal with this smorgasbord of evil?
If you're unfortunate enough to be a target of an APT, there's not a lot you can do other than build out your operational security and absorb the attack. That's another story.
Black hats and script kiddies operate on low-hanging fruit, and that brings us to the perception of security.
Enumerating versions of software components on internet-facing infrastructure is trivial. Software versions can tell an attacker a lot about the state of the infrastructure.
I'm going to pick on my old favourite, jQuery, as an example. At the time of writing, the current version is 4.0.0, released 18th January 2026. The earliest version with no vulnerabilities? 3.5.0, released 10th April 2020.
Over 6 years and 10 released versions with no vulnerabilities.
You're on v3.5.0. No vulnerabilities. You're grand!
But that's not how your attacker sees it.
Your attacker sees that you've not patched for 6 years. Wonder what else hasn't been patched that could be vulnerable?
Out comes the little book of black hattery and you're now under attack.
Are you sure you're completely secure? Would you bet your house on it?
Even if you’ve no detectable vulnerabilities, you should still make sure you're running the latest stuff.
The perception of the bad guys is important. Are they going to have a go or are they going to move on because you're obviously on top of things and you look too hard?
You want them to move on. Patch your stuff. Obfuscate the versions. Make it painful. They've got easier targets.
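
An added example (not the author's code) of auditing what your own site discloses: it looks for jQuery versions in constructed sample responses and reports how long ago each disclosed version was released, using the two release dates quoted above. The sample sites, the `audit` helper and the fixed "today" are assumptions for illustration.

```python
import re
from datetime import date

# Release dates as quoted in the article; other versions are reported with age None.
RELEASED = {"3.5.0": date(2020, 4, 10), "4.0.0": date(2026, 1, 18)}
LATEST = "4.0.0"

# Places a jQuery version commonly leaks in content you serve.
LEAKS = {
    "file name": re.compile(r"jquery[-.](\d+\.\d+\.\d+)(?:\.slim)?(?:\.min)?\.js", re.I),
    "CDN path": re.compile(r"/jquery/(\d+\.\d+\.\d+)/", re.I),
    "licence banner": re.compile(r"jQuery (?:JavaScript Library )?v(\d+\.\d+\.\d+)"),
}

def audit(served: dict[str, str], today: date) -> list[tuple]:
    """Return (resource, where, version, age_days, is_latest) for every disclosure."""
    findings = []
    for resource, body in served.items():
        for where, pattern in LEAKS.items():
            for version in sorted(set(pattern.findall(body))):
                released = RELEASED.get(version)
                age = (today - released).days if released else None
                findings.append((resource, where, version, age, version == LATEST))
    return findings

# Constructed sample responses, standing in for what your own site serves.
BANNER = "/*! jQuery v3.5.0 | (c) JS Foundation and other contributors */"
SITE_A = {  # version visible in the file name and in the banner
    "/index.html": '<script src="/static/js/jquery-3.5.0.min.js"></script>',
    "/static/js/jquery-3.5.0.min.js": BANNER,
}
SITE_B = {  # file renamed, but the banner inside the bundle still gives it away
    "/index.html": '<script src="/static/js/vendor.8f3a1c.js"></script>',
    "/static/js/vendor.8f3a1c.js": BANNER,
}
SITE_C = {  # renamed bundle with the banner stripped at build time: nothing to read
    "/index.html": '<script src="/static/js/vendor.41d0be.js"></script>',
    "/static/js/vendor.41d0be.js": "!function(e,t){/* minified body */}(window);",
}

if __name__ == "__main__":
    today = date(2026, 6, 1)  # constructed "today" so the output is reproducible
    for name, site in (("A", SITE_A), ("B", SITE_B), ("C", SITE_C)):
        for resource, where, version, age, latest in audit(site, today):
            print(f"site {name}: {resource} discloses jQuery {version} via {where}, "
                  f"released {age} days ago, latest={latest}")
```

Site B shows why renaming the file alone is not enough: the version has to be removed from everything you serve, and the component still needs updating.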
