Sorry, this really isn’t a misconfigured page or a hidden page with goodies, it’s actually a research project. I’m tracking how many people click the link.
I’d appreciate if you’d leave me a comment below explaining one or more of the following:
- WHY you clicked this link–what did you expect to find?
- Did you click the link from the top banner of the blog or the sidebar? (Hardly anyone answers this one)
- Did you consider that the link might be malicious? If so, why did you still click it? What kind of justification, if any, went through your mind?
- Did you feel cheated when you found no cheese? Are you now more or less likely to click links like this in similar situations?
Thanks for participating!
If you’re adventuresome, here’s another link to click.
Here’s a link for ITauditSecurity members only.
People Who Found This Page
Did you know you’re in an elite group? As of 12/10/14, only 1.7% of people who come to this site have clicked the HIDDEN link to come to this page.
That surprises me. I would have expected at least 5%, but I guess since most people find this site through Google, they just look at the post that brought them to the site and then leave without looking around much. Or is it because people are not as curious as I thought they are? They certainly can’t be too afraid to click the HIDDEN link.
Less than 60 people have clicked the OTHER links directly above the People Who… heading above. I guess they only trust me so much, which is good.
Or perhaps, as Natascha noted below, readers of an IT security & audit site are more cautious. Maybe so, but I think the Google factor has more to do with it. Agree or Disagree?
ITauditSecurity 
Hello there. You made me laugh – thanks for that. :)
LikeLike
Because it said “hidden”…duh.
LikeLike
exactly what Grayson said.
LikeLike
What I’m looking for is what you expected to find or hoped to find…
I updated the above text to reflect that. Thanks.
LikeLike
Where’s the cheese .
Let’s be honest, I was curious. Plus I thought if it’s “hidden” how come I can see it.
LikeLike
2Hats,
Sorry, this is a research project, not a cheese factory. :)
Seriously, I wanted to know how many people 1) notice the link (if you don’t notice HIDDEN, you won’t notice COPYRIGHT or the other links, and 2) would click on it, knowing it could be a malicious link (it isn’t).
I wanted it to appear that it should be hidden, but was miconfigured.
I am amazed that so few people have clicked on the link since it was put up (I need to calculate the percentage again). Is that because people ignore the top link bar and the side bars (the link is in both places) in general or that people who read an audit/security blog are more cautious?
Thanks for your input. I revised my questions in the post as a result.
LikeLike
Saw some of your posts on ACL and curious to learn more about your site, just going across the top menu in sequence. Didn’t think it was anything malicious or secret, just thought it was some strange way of categorizing some of your blog content.
And ya.. because it said “hidden” of course I clicked on it!
PS – great site, keep it up! :)
LikeLike
Shane,
Thanks for stopping by and being curious. The ACL bootcamp is great!
Readers,
Shane leads the free ACL Bootcamp training. See more info at https://itauditsecurity.wordpress.com/2012/01/16/free-acl-training-bootcamp/.
The ACL bootcamp page is http://www.acl.com/mtccampaigns/bootcamp/previous.html.)
LikeLike
Exactly what Shane said. I have been reviewing content on your site and just went across the top menu. I thought you might have interesting topics on security related to things “hidden”.
I did not click on it because it said “hidden”.
I did not feel there would be anything malicious. Loved the other content you have on the site.
No, I didn’t feel cheated. I am a curious sort, found it interesting you’d have this “research”. Love to know your results in the end of your study.
LikeLike
Thanks for your comments
LikeLike
Good point about “trust”. I never considered it really. I wasn’t looking for anything, just perusing everything the blog had to offer…and I wasn’t disappointed that there wasn’t any “cheese” or even “pizza”. Just followed a link from Greyson’s site.
LikeLike
Danny,
Thanks for stopping by. Next time you’re at Grayson’s, tell him to pick up his blogging pen. I’ve missed reading what he’s been doing lately. Also, now that you have an approved comment, your future “perls” won’t be moderated.
[Update: comments no longer need an approval, but the SPAM killer software is armed, willing, and ready…]
LikeLike
– I clicked it because it said “hidden” (curiosity overtook my thoughts)
– I clicked it from the sidebar (didn’t even make it to the top, again, curiosity overtook my thoughts)
– Not disappointed because I wasn’t expecting any cheese
– Did not think it would be malicious because I have visited this blog several times and never had a anything malicious.
How is the project coming along BTW.
LikeLike
coffeeking,
The project is progressing slowly. A very small percentage of visitors click the link. Even fewer leave comments telling me why, etc. At some point I might reveal the percentage, but don’t want to bias the project. Perhaps I should just create another page off of this one with the details–that you can’t get to from anywhere else but from this page. Hmmmm.
It’s hard for me to imagine how people miss the link. Perhaps they are afraid to click it, but I doubt it. In my experience, people will click almost anything (I have a funny audio story about one such experience that I’ll share someday), so I’m leaning towards they don’t notice the link.
However, with the number of clicks I get on my ABOUT link at the top of the blog, I can’t fathom how they miss HIDDEN. It’s right next door.
The project continues….and I trust your comments will also. I do believe you are hereby awarded the most prolific and valuable commenter on the ITauditSecurity blog!
LikeLike
To be completely honest I didn’t notice it on top – and missed it while scrolling down to the blogroll. Wasn’t until I finished reading and commenting on another article that I noticed you had a second “links” section, and of course “Hidden” did strike me as a peculiar “misconfigured” link.
LikeLike
Like others I was curious. Everybody like a secret!
LikeLike
Like Krupo, I thought you’d misconfigured it, typed it as a page or menu item instead of a category.
Thoughts were :
most likely an error, will see a blank page and leave a humourous comment (you beat me to that with your joke page)
second option is some hidden files that you thought were not published, so had my eyes on seeing some incomplete or trashed drafts
third option crossed my mind that you’d have some cheese here, as in : for some reason you had put sensitive (interesting) information on your blog site, and done the complete opposite of what you intended, making it accidentaly public
Was a bit disappointed yes, but funny so I’ll get over it.
LikeLike
I clicked it because I thought they might be hidden content here, and I also wanted to go through your whole blog. Noticed it at the top and not sidebar.
LikeLike
gw,
Yes, I wanted you to think there was hidden content. Just curious about how many people see it and click it. Not as many as I thought take the bait, but too many people do. Thanks for commenting.
LikeLike
As being curious what is HIDDEN!!!, I decided to click to find out and surprisingly it is nothing hidden, just the fact of human being testing for the blogger!!! You’re so smart !!
LikeLike
Thanee,
Thanks for your comments. I need to do a writeup on how many people have clicked into this dark room. A lot more than those who commented. Evidently a lot of curious people out there. I’d bet if the link said “Virus”, even more readers would click it.
LikeLike
Figured you had an evaluation copy of ACL somewhere there. Clicked to find out.
LikeLike
Interesting. Haven’t heard that one before. Sorry, no ACL SW here.
LikeLike
I thought it was the “humor” you purported to be on the site…nothing more nothing less.
LikeLike
It’s a mix of humor and research actually. I am so surprised that so few people click it. I need to publish the results (and I’ll publish it only for my ‘hidden’ friends, here on this page). Stay tuned. Thanks for your input, Gary.
UPDATE – I published the results above. Rather disappointing, but hey, that’s what happens sometimes! See the ‘People Who Found This Page’ topic above.
LikeLike
Why I click on it…..cuz I am an IT auditor. If I see a forbidden area that I am not supposed to see…..I get curious…..why/how/who.
LikeLike
Joe,
I can understand that at work, but on a website that might be hosting nasties? Sure, I’m a safe bet, but do you regularly do that all over the net? Now I’m curious.
LikeLike
When in doubt, WGET!
LikeLike
Agreed, but not much to WGET on this page.
LikeLike
The “hidden” link, WHY? well because I’m curious of nature and was interested to see what would be hidden on a webpage discussing IT Security :-)
Clicked the link from the top banner as this was where the word “hidden” had drawn my attention 1st. Did you consider that the link might be malicious? Yes, however I checked that the website is a “https” site and also know that my anti-virus and firewalls are up to date (better prepared than not)
Did you feel cheated when you found no cheese? Nope, I actually learnt something, i.e. that only 1% of people visiting your site actually click on the link, could this indicate perhaps that people are more security conscious on the web than generally thought?
Are you now more or less likely to click links like this in similar situations? I would still click a link in a similar situation, as I said before, I am curious of nature and I have always learnt something from being curious :-)
Thanks for a good website, looking forward to future posts.
LikeLike
Thanks for the most complete response so far!
LikeLike
Why: curiousity, of course.
I clicked the top banner.
I doubt a CISA puts up a malicious site.
I had low expectations, so I don’t feel cheated. I can’t think of similar situations.
LikeLike
Another complete response! Yahoo!
LikeLike
I was curious.
I clicked the top banner.
I half expected it would be some sort of test. I knew after reading your bio someone with your credentials wouldn’t put anything malicious on their site.
As it was actually one of the two expectations I had (a test or some exciting secret) I was not too disappointed. A super exciting secret would have been nice, but I was dubious since if anyone is hiding something, they don’t usually create a link right to it. Nor do they typically name it “Hidden”.
LikeLike
We’re on a roll. Thanks!
LikeLike
“Hidden” will always get curious minds to click.
LikeLike
Thanks, MG. Stay curious.
LikeLike
I am a very curious person. (My husband would say ‘nosey’ but that title has never bothered me.) I’ve really enjoyed going through this site.
LikeLike
Kim, thanks for the input.
LikeLike
I clicked on the link in the top menu bar. I clicked because I thought it might link to a page with more information on the page that I came here expecting to find which appears to not be available. I followed this link from the pdf https://itauditsecurity.wordpress.com/2012/03/30/free-cisa-study-guide/
I did not think it was malicious and I was not disappointed to learn that it was an experiment. To a degree I thought it might be a members only type page and maybe it would have some good information to assist with my CISA studies.
Now, since that was the very first link I clicked, I have to go explore the rest of the site. :)
LikeLike
Kerry,
Not a good introduction to the site, ha ha. Hope the rest suits you better. :)
LikeLike
lol. For some reason I was hoping for more notes on other Certs / topics. Interesting project you have here. Btw. Thanks so much for the CISA notes.
LikeLike
You’re welcome. Just search for CISA, CISSP, CIA, or cert to see what else I have posted.
LikeLike
We’re in security, so when we see the word hidden, our interest is automatically piqued! :)
LikeLike
Clicked HIDDEN from the top menu
I always am on quest of hidden features …
I did _NOT_ think the link might be malicious – It’s on the site of a ITSecurity guy.
No cheese for me please – intolerant to lactose :-)
LikeLike
Hi Peter, thanks for the chuckle. So, the best way to get IT, audit, and security people to click on malicious links is to build a site like this and put a hidden link on it!
LikeLike
I clicked the link from the top. Although, I am a little leery of WordPress sites – I wasn’t concerned about clicking on the tab as it seemed like part of the intended design. I am just naturally curious about things – so will usually click links to interesting things. Because the rest of the pages were pretty interesting and useful, I hoped to find some more info about the CISA exam. It didn’t bother me at all that this was the page the link took me to.
LikeLike
■WHY you clicked this link–what did you expect to find?
Cliked it because I wanted to see what was hidden
â– Did you click the link from the top banner of the blog or the sidebar? (Hardly anyone answers this one)
Top banner
â– Did you consider that the link might be malicious? If so, why did you still click it? What kind of justification, if any, went through your mind?
No, i didnt consider it might be a malicious link. Ooops
â– Did you feel cheated when you found no cheese? Are you now more or less likely to click links like this in similar situations?
Nope, I dont feel cheated at all. I learnt that there was nothing hidden :-)
LikeLike
Thanks for the info. Learn from that oops. Don’t trust anyone, not even me. What if I bought this website from the former owner and then put malware on it. Would I be able to fool a lot of people? You bet.
Food for thought. :)
LikeLike
WHY you clicked this link–what did you expect to find?
Because I got curious why the tab says “Hidden.” I was expecting to find a an IT Audit treasure game or something. LOL!
Did you click the link from the top banner of the blog or the sidebar? (Hardly anyone answers this one) Top banner. I didn’t even noticed there was also link on the sidebar.
Did you consider that the link might be malicious? If so, why did you still click it? What kind of justification, if any, went through your mind?
Not really malicious. Again, I was just curious about what will I find once I click on the tab.
Did you feel cheated when you found no cheese? Are you now more or less likely to click links like this in similar situations?
Nope, it sounds like a good social experiment anway. I’d still click on the link if it catches my fancy, so to speak.
LikeLike
Grief, Thanks again for the comments. An IT Treasure game, that’s an idea. Maybe a series of pages that have a question on it, and depending on the answer you pick, you go to a different page/additional question. Based on your choices, maybe you could end up in prison or the auditor hero unearthing a fraud-related finding. Have any better ideas?
LikeLike
Lol, hoping to find some hidden secrets you would share with us followers… after reading your inquiry….laughed at self, thinking – how foolish, could of been malicious, but that is contrary to the rest of your helpful blog…. So, bittersweet “click”… fooled me once… ha ha. Keep up the good work!
LikeLike
Thanks, Donna. I checked out your encaustic paintings – never heard of them before. Similar at all to a fresco, but uses wax? Anyway, I found “Wicked Love” most interesting.
LikeLike
I clicked on the top banner.
I’m fairly new to ACL and extremely rusty in my ACL scripting, so I was just trying to figure out things I could do, including possibly hiding scripts. Lame huh?
I also figured my filters would prevent any malicious code from being loaded.
I also suspect that you’re tracking ip addresses and a good way to figure out who we are is to link our comments to our addresses.
LikeLike
Annie O,
Hope you find some useful stuff here, but don’t trust technology too much. I think behavior trumps technology protection almost every time. I should write about something that happened at work with the I Love You virus. Anyone remember that one?
LikeLike
I found this link on the sidebar. I expected a clever trick “hidden in plain sight” and strangely enough never thought it’d be malicious. Figured you’d audit your page for such :)
Only for reputable sites like this one will I click on similar links
LikeLike
– because it said ‘hidden’ and I’m a sucker.
– banner at the top
– i did not think it was malicious
– I had a feeling it would lead to nothing and wasn’t expecting much, didn’t feel cheated but it satisfied my curiosity.
LikeLike
hk,
Thanks. Fair enuf!
LikeLike
I wanted to know why it was classified as hidden. Could it be an error, intentional label, or did I just get unauthorized access? I had a feeling it was an experiment based of your background and so far the site was prepared well and free from errors based on a short-examination. I appreciate the effort put in and the information provided I am working towards a CPA and deciding if I want to prepare for the CISA.
LikeLike
Pardeep, thanks for the feedback. Your comment, “based on a short-examination” reminds me of the phrase some auditors use, which is “pass on further review”. Does anyone still use that, and what does it mean? I’ve never heard a satisfactory explanation.
Anyway, thanks for stopping by.
LikeLike
WHY – It says hidden, it was either going to be cool or weird.
WHERE – From the top banner.
MALICIOUS – No, I assumed your site had not been hacked and based on your content, you’re not up to something nefarious
Logically speaking, you could have been experimenting with the site design, and accidentally published a test page.
Interesting experiment.
LikeLike
Josh,
Thanks for stopping by and your input. I am very tempted to put up a nefarious page just for fun….hmmmmmmm
LikeLike
I knew it was a “trick” to see whether people afraid of clicking HIDDEN, but then I clicked to see what you have to say about that tab…My conviction paid off..cool one though!
LikeLike
One of these days I’m going to put up a page that says something like “YOU HAVE BEEN INFECTED — click here” and see how many people still click that link.
LikeLike
haha..you’re welcome buddy..lets see how you can get folks infected with your link!! Don’t you forget to infect me..lol..
LikeLike
ha ha. I think I’ll put a VIRUS link at the top of my banner, next to Hidden…
LikeLike
1. I was aware that the page is some kind of a trick, advertising for something that is not (hidden), but straightforwardly louring savy browsers
2. Top banner
3. Nope. I considered it to be a benign joke.
4. I found exactly what the blog advertised. Especially the last word: humour.
LikeLike
V3ro,
Thanks for a chuckle. Except I spell humor with only 1 u. We can still be friends.
Mack
LikeLike
Same as V3r0.
LikeLike
I clicked because I kept seeing it, and after a week when it hadn’t gone away I stopped believing it was a site update glitch and thought it was either a honey pot or a misconfiguration.
I clicked from the side bar, I hadn’t even noticed the top bar.
I did not think it would be malicious, but I took precautions anyway.
I’m glad there was no cheese, I’m happy to write this comment but I was really dreading having to issue a finding when I originally came here for CISA study prep. I feel better about the company I’m keeping that a persistent vulnerability hasn’t been left open.
LikeLike
Greysun,
Thanks for the input. Good luck on the CISA.
LikeLike
Ha! Thanks for the chuckle when I got to this page. This looks pretty old, but I’ll reply to your study questions anyway…
>> WHY you clicked this link–what did you expect to find?
I don’t know, maybe old posts or WIP posts or juicy details about your clients.
>> Did you click the link from the top banner of the blog or the sidebar?
Top banner
>> Did you consider that the link might be malicious? If so, why did you still click it? What kind of justification, if any, went through your mind?
No, based on my prior visits, you’ve established yourself as trustworthy, and a link like that, embedded in the page (as opposed to a link in someone comments on the page) didn’t seem suspicious at all. Maybe I’m too trusting.
>> Did you feel cheated when you found no cheese?
No, like I said, I thought it was kind of funny.
>> Are you now more or less likely to click links like this in similar situations?
I might think twice & hover to see the URL in the future, but I’ll probably still click!
LikeLike
blair151,
I appreciate your answering the questions. I am still interested in how people make decisions regarding these things. While I might be trustworthy, my site could have been hacked and hence the malicious. But if I hacked a site, I’d make sure I caught everyone, not just those who explored just one area of the website, so I can’t disagree with your methodology.
The important question is, “Did you consider the risks and act accordingly?” I’d say yes.
Glad you got a chuckle.
LikeLike
I figured the page was accidentally not hidden in your WordPress menu settings. I expected to find a collection of Kitten Meme animated gifs.
LikeLike
Shane,
No kitties here. That’s funny.
You’ve joined a long list of others now. Did you follow the other links on the page above? I would not recommend it.
LikeLike
– I expected to find hidden gems (links to resources?) or maybe insider tips for IT Auditing
– Topnav
– Didn’t think it was malicious b/c the link was to a wordpress page not an executable. Also, I trust you.
– I am interested in what your results are, what you expected, and what prompted this experiment
LikeLike
Christian,
I did the original stats above (see People Who…topic above) and haven’t done them since. I expected a lot higher number of people to click it. I don’t get enough info on whether they clicked the top link or the side link to determine anything. Overall, I’m guessing that people don’t look much at the top banner or the side stuff, which surprised me. I always look at the top of websites.
One of these days, I’ll look at the stats again and update the topic above.
LikeLike
Christian,
I just updated the stats above…
LikeLike
I was hoping to find some contact details for you. I love what you have done with this page….
LikeLike
I know nothing about IT Auditing, but would like to learn more so my curiousity compelled me to click on the Hidden link.
WHY – because it was there.
WHERE – clicked from the top banner.
MALICIOUS? – No. I assumed it was another topic to learn from.
CHEESE – No. actually delighted to find it was an experiment.
LikeLike
Dee,
Your curiousness will help you if you decide to go into IT audit.
I enjoyed experimenting on YOU, so thanks!
LikeLike
Dying to be a CISA member, so i ended up here, perusal of the entire blog included tryna find out what goody-goody the hidden tab had. yeah disappointed but all smiles..haha
LikeLike
Thanks for commenting. Hope I can help you in your pursuit. Let me know what I can do.
LikeLike
Why i clicked & what i expected :
Its my habit to skim through all the available pages in a websource/site which i feel, contain lots of useful info. Hence i clicked that link .
Where i clicked :
Clicked from “Top banner”
“Suspcious of malicious? ”
Actually i didn’t got any suspcious But I indeed felt a bit strange to see a major tab in home page with such strange title. Checked it to find much more intersting info.
* Did you feel cheated when you found no cheese?
Not really . Indeed i am glad to contribute some thing to your survey.
Are you now more or less likely to click links like this in similar situations?
Doesn’t matter when you are already prepared for surprises.
I am always prepared.. (Smiles….)
LikeLike
Dorai,
Thanks for a great, long comment. Readers don’t leave too many comments here these days. Good to see folks still poking around.
I’m temped to change the name of this page to VIRUS and see how many more people click it….
LikeLike
◾WHY you clicked this link–what did you expect to find?
I’m new to IT Audit and just discovered your blog. I clicked it because I wanted to avail myself of all the available resources.
I didn’t really have any specific expectations.
â—ľDid you click the link from the top banner of the blog or the sidebar? (Hardly anyone answers this one)
Top banner.
â—ľDid you consider that the link might be malicious? If so, why did you still click it? What kind of justification, if any, went through your mind?
No, I had read a good portion of your blog entries and had a decent feel that you weren’t a spammer, scammer or malicious agent. And besides, this computer is pretty well hardened against most of the bad stuff that can happen :)
â—ľDid you feel cheated when you found no cheese? Are you now more or less likely to click links like this in similar situations?
Not cheated because I came in with no preconceptions.
I don’t think this experiences would really change my willingness to clock somewhere else. I’d have to evaluate and assess each site and decide if it seemed like a worthy risk.
LikeLike
Thanks, Rob. Just curious, does the main account you run your PC on have admin privs?
LikeLike
I was told that curiosity was one of the top quality required for auditors you know, I’m just following advice here…
Clicked from the top banner, didn’t even see the right bar.
Well, well, if it’s be malicious I would have had to return the favor at some point, and I wouldn’t be the only one thinking the same. It’s hosted on WordPress, your site would be shutdown for long if it was malicious (and you wouldn’t want it as you put significant effort it). Don’t worry, I can find plenty of reasons.
No, we’re all mad here. Same, I’ve been clicking on links for 20 years, ain’t going to change now.
LikeLike
Bay,
True, curiosity is good for auditors, but not when you need to wrap an audit up and your hours are running low. :)
LikeLike
I am sorry i copied an answer for Dee
WHY – because it was there. and I though the description in the page will tell me.
WHERE – clicked from the top banner.
MALICIOUS? – Maybe but it seems good blog, and you mentioned a secret project in about me I think, so I though you may want to reveal things about it.
CHEESE – No. as i expected.
Thank you, keep up the good work,
LikeLike
Admin,
Thanks for the input. I’m always curious why people act the way they do. or don’t.
LikeLike
I hardly leave comment online, but here we go:
WHY you clicked this link–what did you expect to find?: What’s HIDDEN.
Did you click the link from the top banner of the blog or the sidebar? (Hardly anyone answers this one): From top banner
Did you consider that the link might be malicious? If so, why did you still click it? What kind of justification, if any, went through your mind? Im kinda new to IT Audit so yes I have to be curious to be good at it.
Did you feel cheated when you found no cheese? Are you now more or less likely to click links like this in similar situations? What makes you think I found no cheese? I will continue to be curious to be an IT auditor Guru.
PS: Good posts by the way. Hope you can be my mentor.
LikeLike
Kabs,
Thanks for taking the time to reply. You gave me a few chuckles.
Being curious is good; just make sure the risks you take are calculated risks and worth the trouble.
Glad you find the blog useful. Let me know how I can help. You can always leave a question in my Ask a Question post.(see top right of page under Quick Links).
LikeLike
■WHY you clicked this link–what did you expect to find? Something interesting
â– Did you click the link from the top banner of the blog or the sidebar? (Hardly anyone answers this one) top banner
â– Did you consider that the link might be malicious? If so, why did you still click it? What kind of justification, if any, went through your mind? Every link might be malicious, and the title intrigued me
â– Did you feel cheated when you found no cheese? Are you now more or less likely to click links like this in similar situations?
Depends, but there is cheese here as the results are interesting.
LikeLike
K,
You have an interesting perspective. Glad you were totally disappointed. Thanks for the input.
LikeLike
From the top banner link, I accessed the Hidden page. Out of curiosity clicked to see what is there. Not a bog disappointment.
LikeLiked by 1 person
I clicked the link in the top banner out of curiosity mostly. I found my way here from risk3sixty and was just perusing your recent posts before scanning the banner. As I know the author of risk3sixty, I had no reason to believe your site would host malicious content and I was intrigued by such an odd header. As I didn’t know what to expect, I wasn’t disappointed either; in fact, I find your study rather interesting and fun.
LikeLiked by 1 person
I clicked on it because it said “hidden”. I was wondering why you would include it in a menu if you didn’t want anyone to access it, so I clicked to find out what it contained.
LikeLike
– I clicked from the top banner
– I didn’t expect it to be malicious because I had read other areas of the site. I hoped that my security was sufficient to warn or prevent me accessing it if it was malicious.
– I didn’t feel cheated. As I said in earlier response, I just wanted to know why it was there. I found out so I didn’t feel cheated. It neither makes me more nor less likely to click links like this, since I would always assess the site and its content and decide whether I’m prepared to accept the level of risk before clicking anything.
LikeLike
I clicked Hidden from the top banner.
I am curious, thus I clicked it.
I did not really expect anything.
I am did mot consider that it could be malicious.
As for feeling cheated… No. Cool project though.
Enjoy.
LikeLiked by 1 person
Arrived here via the link on the top bar.
Clicked on the link because of curiosity (chalk it up to having been in previous careers: an auditor, penetration testing, and a security evaluator amongst other things).
Didn’t feel cheated, but had a bit of a laugh instead.
LikeLike
So did I. Thanks.
LikeLike
I can’t believe so few people have clicked on the hidden page. I am a nosey person – and how could I *not* click on a link that says “hidden”. I must try it out on my own blog/site.
ps – I clicked on the top menu hidden option.
LikeLike
Ahuvah,
Thanks for the info. I think most people just miss it.
LikeLike
I clicked it thinking there were past links to previous cisa materials for passing exams :). this was clever!
LikeLike
Gotcha! I’ve enjoyed the responses and understanding the different reasons people click on it. Me, I probably would have done a web search on “itauditsecurity hidden” I tend to be cautious.
A Bing search returns the following and gives it away….
Hidden | ITauditSecurity
The “hidden” link, WHY? well because I’m curious of nature and was interested to see what would be hidden on a webpage discussing IT Security :-)
These results are interesting because it comes from a comment left by Natascha on April 3, 2013 at 3:31 am. Probably because it’s the first sentence that contains both words that I searched for…
LikeLike
I clicked it in the absense of a link/button marked “Don’t click” :-)
I clicked the menu button out of idle curiosity, while checking out your blog and website for interesting stuff. Or cheese.
LikeLiked by 1 person
Build a better mousetrap, promise some cheese, and they will come…
LikeLike
NZ mice prefer peanut butter! This is evidently the third time I have found myself on the HIDDEN page, like a wary rodent returning for another sniff at the trap.
LikeLike
Gary,
Mice are supposed to learn to navigate the maze. If you don’t learn it soon, you will hear a loud SNAP before your lights go out.
Your humor seems a lot like mine. That could be good or bad depending of how you view me or yourself.
Also, this page seems much less hidden when viewed on a phone.
LikeLike
CISA Test Centre Switzerland.
Very good!
Found link in the header, monkey curiosity kicked in! Not disappointed!
However in light of recent world events, tad ashamed that I nibbled the bait.
LikeLike
1. WHY you clicked this link–what did you expect to find? – some specific tools/scripts intended only for auditors
2. Did you click the link from the top banner of the blog or the sidebar? (Hardly anyone answers this one) – on the page
3. Did you consider that the link might be malicious? If so, why did you still click it? What kind of justification, if any, went through your mind? – This is a trusted site and web reputation didn’t indicate any malicious link on the site
4.Did you feel cheated when you found no cheese? — Ah !! I am looking for some special “Cheese” called knowledge.
5. Are you now more or less likely to click links like this in similar situations?
It depends what the site is about or how devilish the author is :)
LikeLike
ISOGeek,
Thanks for stopping by and taking the time to leave some comments.
I chuckle when I see comments like “this is a trusted site”. According to whom? Just wondering, not complaining.
Open you find some cheese here to your liking.
Mack
LikeLike
1) WHY: I was hunting for an onsite analytics/IT Audit user forum. I was hoping to direct some peoples questions to one.
Top Banner
Did not think it would be malicious, its been there a while I assumed you would have figured out it was there by now. I was hoping it was more a kin to “under construction”
… No forum, yeah i was a bit disappointed.
Reading a couple of the other responses this is quite a nice honey pot for blog/post/site ideas, as it appears others clicked looking for things they didn’t find elsewhere on the site.
LikeLike
Thanks John. Don’t know of any IT audit user forums
LikeLike
ISACA used to have one – I’m no longer a member though so haven’t checked in ages. It would be worth searching on groups.google.com, groups.yahoo.com and under the LinkeDin.com groups for “IT audit” or “CISA” (on the basis that any forum which doesn’t mention CISA evidently isn’t very serious about IT audit!).
LikeLiked by 1 person
Already on the site, looking for a post later than the one I was looking for on purpose. Failed, so browsed the menu, found ‘hidden’, clicked from curiosity. I expected to find something for administrators only. No suspicion that it would be malicious, that wouldn’t be a good name for a malicious page.
LikeLike
originally found this site because i am studying the new certification for career changers (currently on help desk) and wanted to read up on what current knowledge i have that will be useful. clicked Hidden because i finished reading What IT Auditors Ought to Know and was looking for more content at the top, got curious
LikeLike
Thanks Bear,
I haven’t receive a comment on this page for a while. about 4 years!
Kudos to you for working toward a new career. I know several help desk folks that successfully moved to new positions. One guy I mentored became a server admin.
Keep working, you’ll get there. I’ve changed careers 5 times myself.
LikeLike
I know I was amused to see the notification in my inbox as well. It reminds me that my blog has been dormant for 6 years now. Wow
LikeLike
I miss you buddy!
LikeLike
Curiosity killed the cat! I would think that all good auditors would look at anything unusual and it surely looked unusual. Top banner. As far as malicious, bring it on. I have a a separate browsing computer that is isolated from my main network that I use. If my security software doesn’t catch it I just reimage the drive in 10 minutes. Ahhhh, but there IS cheese. Just as you discovered. I too am migrating into cyber security from running an MSP for 20 years. Already got my CISSP and half a dozen Comptia, cisco certs, but tough time getting a job with no experience. Wow! 2 posts within 3 days…years after no activity
LikeLike
Yes, it has been a while since this got hits.
A couple responses to your comment:
1) I have run into many auditors who are NOT curious. Very puzzling. That’s like being a car mechanic who hates the smell of gas and oil.
2) You like to live dangerously. I do too, but not so much with computers and all that. I used to moderate a security forum and that was never dull.
3) I’ve written a couple posts on how to get a job with no experience. The context is auditing, but I think the principles apply to any field. Your problem is that you can’t accept an entry level job which makes it harder. But some of my points will apply there. Don’t give up!
LikeLike