SLUG Mailing List Archives
Re: [SLUG] www question
- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] www question
- From: Jeff Waugh <jdub@xxxxxxxxxxxxxx>
- Date: Sun, 30 Jul 2006 21:47:52 -0700
- User-agent: Mutt/1.5.12-2006-07-14
> Am I naive, is there a risk letting the world know WHAT os and web server
> you run?
Sure. It can be mild or very serious, depending on whether the product and
version indicate the existence of particular exploits. For instance, if your
webserver published that it was running IRIX, we could have been having fun
with your web pages already. By publishing which SuSE or Apache versions
you're running, you're giving a potential cracker all the information they
need to find applicable exploits.
It's one of those "how much do you care?" things.
linux.conf.au 2007: Sydney, Australia http://lca2007.linux.org.au/
I wanted to be Superman, but all I got were these special powers of