service and user-agent disclosure - please consider privacy
Thomas Spura
tomspur at fedoraproject.org
Tue Jan 10 14:24:14 UTC 2012
On Tue, Jan 10, 2012 at 1:22 AM, Reindl Harald <h.reindl at thelounge.net> wrote:
>
> Am 10.01.2012 00:13, schrieb Richard:
>> many of the different user agent and service banners are way
>> too detailed for my taste
>
> thank you for supporting my opinion that a software should
> per default disclose as less informations as possible
>
> SAMBA is currently my hate candidate in a LAN
> Nessus/OpenVAS can tell you the exact RPM version
>
> nice if you have some bot-infected workstation in your
> LAN to help searching vulnerabilities on other machines
Why is that a topic for fedora? I don't think, we should patch
programs and remove the versions printing everywhere. You are free to
discuss this with upstream and that's it (or do a foo-privacy fork of
course ;)).
It's more important to patch the vulnerabilities with security update
than simply hide them and hope your bot-infected workstation won't try
them.
Greetings,
Tom
More information about the devel
mailing list