* Keith <[EMAIL PROTECTED]> [2002-08-29 23:45]:
> Thank you for the flame.  It's the first one I've
> received since being on this list for less than a day.

you are welcome - "Keith"!

> +-- On 30082002 01:01:13 +0000, Sven Guckes uttered:
> | * krjw <[EMAIL PROTECTED]> [2002-08-29 20:56]:
> | > As for version numbers, there's nothing wrong with them
> | > unless they are advertised to potentially malicious users.
> |
> | so you are basically asking for "security by obscurity".
>
> I didn't imply that version info is a security hole in-and-of itself.
> However it can't be denied that it certainly makes it easier to
> pinpoint who is running vulnerable software.  This is common sense.
> Let's use sshd as an example. [blah blah blah]

bad example.

the sshd is one of the very few *services*
which are installed even on firewalls.
you would not expect users to log in on
the firewall and use mutt there, would you?
now *that's* common sense!

> There are good guys and there are bad guys.
> Why make it easier for the bad guys to be bad?

why try to fool yourself into security
by trying to hide all information?

how can you ever ask questions on the net about your
home computer without giving any information about it?
and if you do [1] then why are you so afraid of giving away
the version number of your email client?  i don't get it.

> | > In general it's undesirable for network-aware software
> | > .. to advertise its version # to untrusted users.
> | and that's why you are afraid to use your real name in mails, too?
>
> Sure.

well, i hope it'll work for you, Keith...  Warno.  (oops!)

Sven

-- 
"Those who give up freedom for security deserve
neither freedom nor security." - Benjamin Franklin
[1] uggc://jjj.trbpenjyre.pbz/nepuvirf/3/424/2001/7/0/6189114/
