* krjw <[EMAIL PROTECTED]> [2002-08-29 20:56]: > As for version numbers, there's nothing wrong with them > unless they are advertised to potentially malicious users. > Assuming a given version of a given MUA has a known security > hole, sending a mail via that MUA with a header containing > version info is just begging for trouble. Call it paranoia.
so you are basically asking for "security by obscurity". > In general it's undersirable for network-aware software > (whether an MUA, daemon -- like httpd or sshd -- whatever) > to advertise its version # to untrusted users. and that's why you are afraid to use your real name in mails, too? > The Internet is not as friendly as it used to be. welcome to the third millennium! i find people who hide their name to be afraid of the internet and its hackers; they think everyone will hack their computer as soon as they use a modem. the internet would indeed benefit from these people to go offline and lock themselves in at home. Sven -- The only secure computer is one that is turned off, locked in a safe and buried 20 feet down in a secret location, and I'm not completely confident of that either. --Bruce Schneier see also: http://w3.physics.uiuc.edu/~menscher/quotes.html
