Tugger the SLUGger!SLUG Mailing List Archives

Re: [SLUG] www question


<quote who="jam@xxxxxxxxx">

> Am I naive, is there a risk letting the world know WHAT os and web server
> you run?

Sure. It can be mild or very serious, depending on whether the product and
version indicate the existence of particular exploits. For instance, if your
webserver published that it was running IRIX, we could have been having fun
with your web pages already. By publishing which SuSE or Apache versions
you're running, you're giving a potential cracker all the information they
need to find applicable exploits.

It's one of those "how much do you care?" things.

- Jeff

-- 
linux.conf.au 2007: Sydney, Australia           http://lca2007.linux.org.au/
 
    I wanted to be Superman, but all I got were these special powers of
                             self-deprecation.