Hidden

Sorry, this really isn’t a misconfigured page or a hidden page with goodies, it’s actually a research project. I’m tracking how many people click the link.

I’d appreciate if you’d leave me a comment below explaining one or more of the following:

  • WHY you clicked this link–what did you expect to find?
  • Did you click the link from the top banner of the blog or the sidebar? (Hardly anyone answers this one)
  • Did you consider that the link might be malicious? If so, why did you still click it? What kind of justification, if any, went through your mind?
  • Did you feel cheated when you found no cheese? Are you now more or less likely to click links like this in similar situations?

Thanks for participating!

If you’re adventuresome, here’s another link to click.

Here’s a link for ITauditSecurity members only.

People Who Found This Page

Did you know you’re in an elite group? As of 12/10/14, only 1.7% of people who come to this site have clicked the HIDDEN link to come to this page.

That surprises me. I would have expected at least 5%, but I guess since most people find this site through Google, they just look at the post that brought them to the site and then leave without looking around much. Or is it because people are not as curious as I thought they are? They certainly can’t be too afraid to click the HIDDEN link.

Less than 60 people have clicked the OTHER links directly above the People Who… heading above. I guess they only trust me so much, which is good.

Or perhaps, as Natascha noted below, readers of an IT security & audit site are more cautious. Maybe so, but I think the Google factor has more to do with it. Agree or Disagree?

104 responses to “Hidden

  1. Hello there. You made me laugh – thanks for that. :)

    Like

  2. Grayson

    Because it said “hidden”…duh.

    Like

  3. exactly what Grayson said.

    Like

    • ITauditSecurity

      What I’m looking for is what you expected to find or hoped to find…

      I updated the above text to reflect that. Thanks.

      Like

  4. 2Hats

    Where’s the cheese .

    Let’s be honest, I was curious. Plus I thought if it’s “hidden” how come I can see it.

    Like

    • ITauditSecurity

      2Hats,
      Sorry, this is a research project, not a cheese factory. :)

      Seriously, I wanted to know how many people 1) notice the link (if you don’t notice HIDDEN, you won’t notice COPYRIGHT or the other links, and 2) would click on it, knowing it could be a malicious link (it isn’t).

      I wanted it to appear that it should be hidden, but was miconfigured.

      I am amazed that so few people have clicked on the link since it was put up (I need to calculate the percentage again). Is that because people ignore the top link bar and the side bars (the link is in both places) in general or that people who read an audit/security blog are more cautious?

      Thanks for your input. I revised my questions in the post as a result.

      Like

  5. Shane Grimm

    Saw some of your posts on ACL and curious to learn more about your site, just going across the top menu in sequence. Didn’t think it was anything malicious or secret, just thought it was some strange way of categorizing some of your blog content.

    And ya.. because it said “hidden” of course I clicked on it!

    PS – great site, keep it up! :)

    Like

  6. Danny

    Good point about “trust”. I never considered it really. I wasn’t looking for anything, just perusing everything the blog had to offer…and I wasn’t disappointed that there wasn’t any “cheese” or even “pizza”. Just followed a link from Greyson’s site.

    Like

    • ITauditSecurity

      Danny,
      Thanks for stopping by. Next time you’re at Grayson’s, tell him to pick up his blogging pen. I’ve missed reading what he’s been doing lately. Also, now that you have an approved comment, your future “perls” won’t be moderated.
      [Update: comments no longer need an approval, but the SPAM killer software is armed, willing, and ready…]

      Like

  7. coffeeking

    – I clicked it because it said “hidden” (curiosity overtook my thoughts)
    – I clicked it from the sidebar (didn’t even make it to the top, again, curiosity overtook my thoughts)
    – Not disappointed because I wasn’t expecting any cheese
    – Did not think it would be malicious because I have visited this blog several times and never had a anything malicious.

    How is the project coming along BTW.

    Like

    • ITauditSecurity

      coffeeking,
      The project is progressing slowly. A very small percentage of visitors click the link. Even fewer leave comments telling me why, etc. At some point I might reveal the percentage, but don’t want to bias the project. Perhaps I should just create another page off of this one with the details–that you can’t get to from anywhere else but from this page. Hmmmm.

      It’s hard for me to imagine how people miss the link. Perhaps they are afraid to click it, but I doubt it. In my experience, people will click almost anything (I have a funny audio story about one such experience that I’ll share someday), so I’m leaning towards they don’t notice the link.

      However, with the number of clicks I get on my ABOUT link at the top of the blog, I can’t fathom how they miss HIDDEN. It’s right next door.

      The project continues….and I trust your comments will also. I do believe you are hereby awarded the most prolific and valuable commenter on the ITauditSecurity blog!

      Like

  8. To be completely honest I didn’t notice it on top – and missed it while scrolling down to the blogroll. Wasn’t until I finished reading and commenting on another article that I noticed you had a second “links” section, and of course “Hidden” did strike me as a peculiar “misconfigured” link.

    Like

  9. Candace

    Like others I was curious. Everybody like a secret!

    Like

  10. Like Krupo, I thought you’d misconfigured it, typed it as a page or menu item instead of a category.
    Thoughts were :
    most likely an error, will see a blank page and leave a humourous comment (you beat me to that with your joke page)
    second option is some hidden files that you thought were not published, so had my eyes on seeing some incomplete or trashed drafts
    third option crossed my mind that you’d have some cheese here, as in : for some reason you had put sensitive (interesting) information on your blog site, and done the complete opposite of what you intended, making it accidentaly public
    Was a bit disappointed yes, but funny so I’ll get over it.

    Like

  11. gw890224

    I clicked it because I thought they might be hidden content here, and I also wanted to go through your whole blog. Noticed it at the top and not sidebar.

    Like

    • gw,
      Yes, I wanted you to think there was hidden content. Just curious about how many people see it and click it. Not as many as I thought take the bait, but too many people do. Thanks for commenting.

      Like

  12. Thanee

    As being curious what is HIDDEN!!!, I decided to click to find out and surprisingly it is nothing hidden, just the fact of human being testing for the blogger!!! You’re so smart !!

    Like

    • Thanee,
      Thanks for your comments. I need to do a writeup on how many people have clicked into this dark room. A lot more than those who commented. Evidently a lot of curious people out there. I’d bet if the link said “Virus”, even more readers would click it.

      Like

  13. DP

    Figured you had an evaluation copy of ACL somewhere there. Clicked to find out.

    Like

  14. Gary

    I thought it was the “humor” you purported to be on the site…nothing more nothing less.

    Like

    • It’s a mix of humor and research actually. I am so surprised that so few people click it. I need to publish the results (and I’ll publish it only for my ‘hidden’ friends, here on this page). Stay tuned. Thanks for your input, Gary.

      UPDATE – I published the results above. Rather disappointing, but hey, that’s what happens sometimes! See the ‘People Who Found This Page’ topic above.

      Like

  15. Why I click on it…..cuz I am an IT auditor. If I see a forbidden area that I am not supposed to see…..I get curious…..why/how/who.

    Like

  16. Natascha

    The “hidden” link, WHY? well because I’m curious of nature and was interested to see what would be hidden on a webpage discussing IT Security :-)

    Clicked the link from the top banner as this was where the word “hidden” had drawn my attention 1st. Did you consider that the link might be malicious? Yes, however I checked that the website is a “https” site and also know that my anti-virus and firewalls are up to date (better prepared than not)

    Did you feel cheated when you found no cheese? Nope, I actually learnt something, i.e. that only 1% of people visiting your site actually click on the link, could this indicate perhaps that people are more security conscious on the web than generally thought?

    Are you now more or less likely to click links like this in similar situations? I would still click a link in a similar situation, as I said before, I am curious of nature and I have always learnt something from being curious :-)

    Thanks for a good website, looking forward to future posts.

    Like

  17. Thad Anders

    Why: curiousity, of course.
    I clicked the top banner.
    I doubt a CISA puts up a malicious site.
    I had low expectations, so I don’t feel cheated. I can’t think of similar situations.

    Like

  18. Sam

    I was curious.
    I clicked the top banner.
    I half expected it would be some sort of test. I knew after reading your bio someone with your credentials wouldn’t put anything malicious on their site.
    As it was actually one of the two expectations I had (a test or some exciting secret) I was not too disappointed. A super exciting secret would have been nice, but I was dubious since if anyone is hiding something, they don’t usually create a link right to it. Nor do they typically name it “Hidden”.

    Like

  19. MG

    “Hidden” will always get curious minds to click.

    Like

  20. Kim (Ottawa, Ontario)

    I am a very curious person. (My husband would say ‘nosey’ but that title has never bothered me.) I’ve really enjoyed going through this site.

    Like

  21. I clicked on the link in the top menu bar. I clicked because I thought it might link to a page with more information on the page that I came here expecting to find which appears to not be available. I followed this link from the pdf https://itauditsecurity.wordpress.com/2012/03/30/free-cisa-study-guide/
    I did not think it was malicious and I was not disappointed to learn that it was an experiment. To a degree I thought it might be a members only type page and maybe it would have some good information to assist with my CISA studies.
    Now, since that was the very first link I clicked, I have to go explore the rest of the site. :)

    Like

  22. lol. For some reason I was hoping for more notes on other Certs / topics. Interesting project you have here. Btw. Thanks so much for the CISA notes.

    Like

  23. We’re in security, so when we see the word hidden, our interest is automatically piqued! :)

    Like

  24. Peter

    Clicked HIDDEN from the top menu
    I always am on quest of hidden features …
    I did _NOT_ think the link might be malicious – It’s on the site of a ITSecurity guy.
    No cheese for me please – intolerant to lactose :-)

    Like

  25. Bea

    I clicked the link from the top. Although, I am a little leery of WordPress sites – I wasn’t concerned about clicking on the tab as it seemed like part of the intended design. I am just naturally curious about things – so will usually click links to interesting things. Because the rest of the pages were pretty interesting and useful, I hoped to find some more info about the CISA exam. It didn’t bother me at all that this was the page the link took me to.

    Like

  26. Da Vinci

    ■WHY you clicked this link–what did you expect to find?
    Cliked it because I wanted to see what was hidden

    ■Did you click the link from the top banner of the blog or the sidebar? (Hardly anyone answers this one)

    Top banner

    ■Did you consider that the link might be malicious? If so, why did you still click it? What kind of justification, if any, went through your mind?

    No, i didnt consider it might be a malicious link. Ooops

    ■Did you feel cheated when you found no cheese? Are you now more or less likely to click links like this in similar situations?

    Nope, I dont feel cheated at all. I learnt that there was nothing hidden :-)

    Like

    • Thanks for the info. Learn from that oops. Don’t trust anyone, not even me. What if I bought this website from the former owner and then put malware on it. Would I be able to fool a lot of people? You bet.

      Food for thought. :)

      Like

  27. Grief

    WHY you clicked this link–what did you expect to find?
    Because I got curious why the tab says “Hidden.” I was expecting to find a an IT Audit treasure game or something. LOL!

    Did you click the link from the top banner of the blog or the sidebar? (Hardly anyone answers this one) Top banner. I didn’t even noticed there was also link on the sidebar.

    Did you consider that the link might be malicious? If so, why did you still click it? What kind of justification, if any, went through your mind?
    Not really malicious. Again, I was just curious about what will I find once I click on the tab.

    Did you feel cheated when you found no cheese? Are you now more or less likely to click links like this in similar situations?
    Nope, it sounds like a good social experiment anway. I’d still click on the link if it catches my fancy, so to speak.

    Like

    • Grief, Thanks again for the comments. An IT Treasure game, that’s an idea. Maybe a series of pages that have a question on it, and depending on the answer you pick, you go to a different page/additional question. Based on your choices, maybe you could end up in prison or the auditor hero unearthing a fraud-related finding. Have any better ideas?

      Like

  28. Lol, hoping to find some hidden secrets you would share with us followers… after reading your inquiry….laughed at self, thinking – how foolish, could of been malicious, but that is contrary to the rest of your helpful blog…. So, bittersweet “click”… fooled me once… ha ha. Keep up the good work!

    Like

  29. Annie Omyous

    I clicked on the top banner.
    I’m fairly new to ACL and extremely rusty in my ACL scripting, so I was just trying to figure out things I could do, including possibly hiding scripts. Lame huh?

    I also figured my filters would prevent any malicious code from being loaded.

    I also suspect that you’re tracking ip addresses and a good way to figure out who we are is to link our comments to our addresses.

    Like

  30. Annie O,
    Hope you find some useful stuff here, but don’t trust technology too much. I think behavior trumps technology protection almost every time. I should write about something that happened at work with the I Love You virus. Anyone remember that one?

    Like

  31. Ndo

    I found this link on the sidebar. I expected a clever trick “hidden in plain sight” and strangely enough never thought it’d be malicious. Figured you’d audit your page for such :)
    Only for reputable sites like this one will I click on similar links

    Like

  32. hk

    – because it said ‘hidden’ and I’m a sucker.
    – banner at the top
    – i did not think it was malicious
    – I had a feeling it would lead to nothing and wasn’t expecting much, didn’t feel cheated but it satisfied my curiosity.

    Like

  33. Pardeep

    I wanted to know why it was classified as hidden. Could it be an error, intentional label, or did I just get unauthorized access? I had a feeling it was an experiment based of your background and so far the site was prepared well and free from errors based on a short-examination. I appreciate the effort put in and the information provided I am working towards a CPA and deciding if I want to prepare for the CISA.

    Like

    • Pardeep, thanks for the feedback. Your comment, “based on a short-examination” reminds me of the phrase some auditors use, which is “pass on further review”. Does anyone still use that, and what does it mean? I’ve never heard a satisfactory explanation.

      Anyway, thanks for stopping by.

      Like

  34. Josh

    WHY – It says hidden, it was either going to be cool or weird.
    WHERE – From the top banner.
    MALICIOUS – No, I assumed your site had not been hacked and based on your content, you’re not up to something nefarious

    Logically speaking, you could have been experimenting with the site design, and accidentally published a test page.

    Interesting experiment.

    Like

  35. Ganesh

    I knew it was a “trick” to see whether people afraid of clicking HIDDEN, but then I clicked to see what you have to say about that tab…My conviction paid off..cool one though!

    Like

  36. V3r0

    1. I was aware that the page is some kind of a trick, advertising for something that is not (hidden), but straightforwardly louring savy browsers
    2. Top banner
    3. Nope. I considered it to be a benign joke.
    4. I found exactly what the blog advertised. Especially the last word: humour.

    Like

  37. ScubaSteve1850

    Same as V3r0.

    Like

  38. Greysun (not Grayson)

    I clicked because I kept seeing it, and after a week when it hadn’t gone away I stopped believing it was a site update glitch and thought it was either a honey pot or a misconfiguration.

    I clicked from the side bar, I hadn’t even noticed the top bar.

    I did not think it would be malicious, but I took precautions anyway.

    I’m glad there was no cheese, I’m happy to write this comment but I was really dreading having to issue a finding when I originally came here for CISA study prep. I feel better about the company I’m keeping that a persistent vulnerability hasn’t been left open.

    Like

  39. blair151

    Ha! Thanks for the chuckle when I got to this page. This looks pretty old, but I’ll reply to your study questions anyway…
    >> WHY you clicked this link–what did you expect to find?
    I don’t know, maybe old posts or WIP posts or juicy details about your clients.
    >> Did you click the link from the top banner of the blog or the sidebar?
    Top banner
    >> Did you consider that the link might be malicious? If so, why did you still click it? What kind of justification, if any, went through your mind?
    No, based on my prior visits, you’ve established yourself as trustworthy, and a link like that, embedded in the page (as opposed to a link in someone comments on the page) didn’t seem suspicious at all. Maybe I’m too trusting.
    >> Did you feel cheated when you found no cheese?
    No, like I said, I thought it was kind of funny.
    >> Are you now more or less likely to click links like this in similar situations?
    I might think twice & hover to see the URL in the future, but I’ll probably still click!

    Like

  40. blair151,
    I appreciate your answering the questions. I am still interested in how people make decisions regarding these things. While I might be trustworthy, my site could have been hacked and hence the malicious. But if I hacked a site, I’d make sure I caught everyone, not just those who explored just one area of the website, so I can’t disagree with your methodology.

    The important question is, “Did you consider the risks and act accordingly?” I’d say yes.

    Glad you got a chuckle.

    Like

  41. I figured the page was accidentally not hidden in your WordPress menu settings. I expected to find a collection of Kitten Meme animated gifs.

    Like

  42. – I expected to find hidden gems (links to resources?) or maybe insider tips for IT Auditing
    – Topnav
    – Didn’t think it was malicious b/c the link was to a wordpress page not an executable. Also, I trust you.
    – I am interested in what your results are, what you expected, and what prompted this experiment

    Like

    • Christian,
      I did the original stats above (see People Who…topic above) and haven’t done them since. I expected a lot higher number of people to click it. I don’t get enough info on whether they clicked the top link or the side link to determine anything. Overall, I’m guessing that people don’t look much at the top banner or the side stuff, which surprised me. I always look at the top of websites.

      One of these days, I’ll look at the stats again and update the topic above.

      Like

    • Christian,
      I just updated the stats above…

      Like

  43. I was hoping to find some contact details for you. I love what you have done with this page….

    Like

  44. Dee

    I know nothing about IT Auditing, but would like to learn more so my curiousity compelled me to click on the Hidden link.

    WHY – because it was there.
    WHERE – clicked from the top banner.
    MALICIOUS? – No. I assumed it was another topic to learn from.
    CHEESE – No. actually delighted to find it was an experiment.

    Like

  45. Dying to be a CISA member, so i ended up here, perusal of the entire blog included tryna find out what goody-goody the hidden tab had. yeah disappointed but all smiles..haha

    Like

  46. Dorai

    Why i clicked & what i expected :
    Its my habit to skim through all the available pages in a websource/site which i feel, contain lots of useful info. Hence i clicked that link .

    Where i clicked :
    Clicked from “Top banner”

    “Suspcious of malicious? ”
    Actually i didn’t got any suspcious But I indeed felt a bit strange to see a major tab in home page with such strange title. Checked it to find much more intersting info.

    * Did you feel cheated when you found no cheese?
    Not really . Indeed i am glad to contribute some thing to your survey.

    Are you now more or less likely to click links like this in similar situations?

    Doesn’t matter when you are already prepared for surprises.
    I am always prepared.. (Smiles….)

    Like

    • Dorai,
      Thanks for a great, long comment. Readers don’t leave too many comments here these days. Good to see folks still poking around.
      I’m temped to change the name of this page to VIRUS and see how many more people click it….

      Like

  47. ◾WHY you clicked this link–what did you expect to find?

    I’m new to IT Audit and just discovered your blog. I clicked it because I wanted to avail myself of all the available resources.

    I didn’t really have any specific expectations.

    ◾Did you click the link from the top banner of the blog or the sidebar? (Hardly anyone answers this one)

    Top banner.

    ◾Did you consider that the link might be malicious? If so, why did you still click it? What kind of justification, if any, went through your mind?

    No, I had read a good portion of your blog entries and had a decent feel that you weren’t a spammer, scammer or malicious agent. And besides, this computer is pretty well hardened against most of the bad stuff that can happen :)

    ◾Did you feel cheated when you found no cheese? Are you now more or less likely to click links like this in similar situations?

    Not cheated because I came in with no preconceptions.

    I don’t think this experiences would really change my willingness to clock somewhere else. I’d have to evaluate and assess each site and decide if it seemed like a worthy risk.

    Like

  48. Bay

    I was told that curiosity was one of the top quality required for auditors you know, I’m just following advice here…

    Clicked from the top banner, didn’t even see the right bar.

    Well, well, if it’s be malicious I would have had to return the favor at some point, and I wouldn’t be the only one thinking the same. It’s hosted on WordPress, your site would be shutdown for long if it was malicious (and you wouldn’t want it as you put significant effort it). Don’t worry, I can find plenty of reasons.

    No, we’re all mad here. Same, I’ve been clicking on links for 20 years, ain’t going to change now.

    Like

  49. Bay,
    True, curiosity is good for auditors, but not when you need to wrap an audit up and your hours are running low. :)

    Like

  50. I am sorry i copied an answer for Dee

    WHY – because it was there. and I though the description in the page will tell me.
    WHERE – clicked from the top banner.
    MALICIOUS? – Maybe but it seems good blog, and you mentioned a secret project in about me I think, so I though you may want to reveal things about it.
    CHEESE – No. as i expected.

    Thank you, keep up the good work,

    Like

  51. Kabs

    I hardly leave comment online, but here we go:
    WHY you clicked this link–what did you expect to find?: What’s HIDDEN.
    Did you click the link from the top banner of the blog or the sidebar? (Hardly anyone answers this one): From top banner
    Did you consider that the link might be malicious? If so, why did you still click it? What kind of justification, if any, went through your mind? Im kinda new to IT Audit so yes I have to be curious to be good at it.
    Did you feel cheated when you found no cheese? Are you now more or less likely to click links like this in similar situations? What makes you think I found no cheese? I will continue to be curious to be an IT auditor Guru.

    PS: Good posts by the way. Hope you can be my mentor.

    Like

    • Kabs,
      Thanks for taking the time to reply. You gave me a few chuckles.
      Being curious is good; just make sure the risks you take are calculated risks and worth the trouble.

      Glad you find the blog useful. Let me know how I can help. You can always leave a question in my Ask a Question post.(see top right of page under Quick Links).

      Like

  52. kimchimonster

    ■WHY you clicked this link–what did you expect to find? Something interesting
    ■Did you click the link from the top banner of the blog or the sidebar? (Hardly anyone answers this one) top banner
    ■Did you consider that the link might be malicious? If so, why did you still click it? What kind of justification, if any, went through your mind? Every link might be malicious, and the title intrigued me
    ■Did you feel cheated when you found no cheese? Are you now more or less likely to click links like this in similar situations?
    Depends, but there is cheese here as the results are interesting.

    Like

  53. From the top banner link, I accessed the Hidden page. Out of curiosity clicked to see what is there. Not a bog disappointment.

    Liked by 1 person

  54. Emereldstar

    I clicked the link in the top banner out of curiosity mostly. I found my way here from risk3sixty and was just perusing your recent posts before scanning the banner. As I know the author of risk3sixty, I had no reason to believe your site would host malicious content and I was intrigued by such an odd header. As I didn’t know what to expect, I wasn’t disappointed either; in fact, I find your study rather interesting and fun.

    Liked by 1 person

  55. dragon

    I clicked on it because it said “hidden”. I was wondering why you would include it in a menu if you didn’t want anyone to access it, so I clicked to find out what it contained.

    Like

    • dragon

      – I clicked from the top banner
      – I didn’t expect it to be malicious because I had read other areas of the site. I hoped that my security was sufficient to warn or prevent me accessing it if it was malicious.
      – I didn’t feel cheated. As I said in earlier response, I just wanted to know why it was there. I found out so I didn’t feel cheated. It neither makes me more nor less likely to click links like this, since I would always assess the site and its content and decide whether I’m prepared to accept the level of risk before clicking anything.

      Like

  56. TDB

    I clicked Hidden from the top banner.

    I am curious, thus I clicked it.

    I did not really expect anything.

    I am did mot consider that it could be malicious.

    As for feeling cheated… No. Cool project though.

    Enjoy.

    Liked by 1 person

  57. Frank

    Arrived here via the link on the top bar.
    Clicked on the link because of curiosity (chalk it up to having been in previous careers: an auditor, penetration testing, and a security evaluator amongst other things).
    Didn’t feel cheated, but had a bit of a laugh instead.

    Like

  58. I can’t believe so few people have clicked on the hidden page. I am a nosey person – and how could I *not* click on a link that says “hidden”. I must try it out on my own blog/site.

    ps – I clicked on the top menu hidden option.

    Like

  59. Shahnaaz islam

    I clicked it thinking there were past links to previous cisa materials for passing exams :). this was clever!

    Like

    • Gotcha! I’ve enjoyed the responses and understanding the different reasons people click on it. Me, I probably would have done a web search on “itauditsecurity hidden” I tend to be cautious.

      A Bing search returns the following and gives it away….

      Hidden | ITauditSecurity
      https://itauditsecurity.wordpress.com/hidden
      The “hidden” link, WHY? well because I’m curious of nature and was interested to see what would be hidden on a webpage discussing IT Security :-)

      These results are interesting because it comes from a comment left by Natascha on April 3, 2013 at 3:31 am. Probably because it’s the first sentence that contains both words that I searched for…

      Like

Leave a Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s