On 01/08/2012 04:24 PM, Reindl Harald wrote:
and you think that some random examples prove anything?
some webserver logs are showing nothing about real exploits
there was and there will be exploits you will never see
in your webserver-log because if they worked CODE was
executed in the context of your webserver
fact is that nobody out there needs to know your software-version
for something useful and one of the most important rules in
server-administration disable and disclose ANYTHING which is not
explicit needed to prevent exploit-cases you can not imagine
while configure your machine
Umm aren't you saying precisely what everyone is saying?
"fact is that nobody out there needs to know your software-version for
something useful"
Which was the point of my weblog examples. I am aware that it means
nothing except someone tried something. The fact is people don't need
the software version to exploit. So displaying changes nothing. That
seems to be the point of this thread.
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
