[Mailman-Users] Mailman Version

Brad Knowles brad at shub-internet.org
Thu Nov 15 08:06:14 CET 2007

On 11/14/07, Mark Sapiro wrote:

>  IMO, security through obscurity is doomed to failure.

Agreed.  Any serious attacker, or anyone with moderately serious 
attack tools, is going to fingerprint the box and all the 
applications with something like Nessus, nmap, etc... and they'll 
know better than you do precisely what you're running and what you're 
vulnerable to, down to the level of what version of what libraries 
you're running.

If you leave the version number there, at least there's a chance that 
some nice person will come along and let you know that you're 

Otherwise, you're not likely to notice until you've already been cracked.

For example, I've been involved with the Mailman project for years, 
and periodically I run across old installations of Mailman at various 
places I go on the 'net, and I do usually make a point of telling the 
respective folks about the updated versions and where they can find 

But if you obscure your version number, then people like me cannot do 
that for people like you.

Brad Knowles <brad at shub-internet.org>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>

More information about the Mailman-Users mailing list