[Catalyst] Can you tell if a server is running Catalyst?
Daniel McBrearty
danielmcbrearty at gmail.com
Thu May 18 18:21:41 CEST 2006
>
>
> While I agree with you, especially when you talk about a "false sense of
> security", I also think that rejecting the concept of secutiry through
> obscurity does not mean automatically exposing every bit of information
> about one's system.
> Just to make an example, the fact that my apache server signature
> doesn't show its exact version does not mean I'm more protected against
> attacks; nonetheless, if this simple measure can lower the probability
> that a script kiddie or a bot will try a particular exploit against my
> web server, then I'd definilty adopt it.
>
>
exactly. I do the security testing I know how to do, but I don't see any
reason to go advertising to the world how it works when there is no reason
to do that. It's a fairly hostile env out there.
Judging by the number attempts to access cmd.exe seen in the logs of my
debian box, most of the "attacks" are dumb beyond belief. But that doesn't
mean they all are, or will be.
--
Daniel McBrearty
email : danielmcbrearty at gmail.com
www.engoi.com : the multi - language vocab trainer
BTW : 0873928131
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.rawmode.org/pipermail/catalyst/attachments/20060518/234d8c92/attachment.htm
More information about the Catalyst
mailing list