service version disclosure
Digimer
linux at alteeve.com
Sat Jan 7 04:57:19 UTC 2012
On 01/06/2012 11:09 PM, Reindl Harald wrote:
> would it not be a good idea to NOT disclosure service versions?
> https://bugzilla.redhat.com/show_bug.cgi?id=718133
>
> you will more and more have the "problem" of 3rd party
> security scans to your servers and currently in the case
> of openssh the only solution is to tkae the F16-src-rpm
> and rebuild it for your F15 machines
> _______________________
>
> however - why do we spit the current running versions to everyone?
>
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_5.8
Security through obscurity...
--
Digimer
E-Mail: digimer at alteeve.com
Freenode handle: digimer
Papers and Projects: http://alteeve.com
Node Assassin: http://nodeassassin.org
"omg my singularity battery is dead again.
stupid hawking radiation." - epitron
More information about the devel
mailing list