[Mailman-Users] Mailman Version
Brad Knowles
brad at shub-internet.org
Thu Nov 15 08:06:14 CET 2007
On 11/14/07, Mark Sapiro wrote:
> IMO, security through obscurity is doomed to failure.
Agreed. Any serious attacker, or anyone with moderately serious
attack tools, is going to fingerprint the box and all the
applications with something like Nessus, nmap, etc... and they'll
know better than you do precisely what you're running and what you're
vulnerable to, down to the level of what version of what libraries
you're running.
If you leave the version number there, at least there's a chance that
some nice person will come along and let you know that you're
out-of-date.
Otherwise, you're not likely to notice until you've already been cracked.
For example, I've been involved with the Mailman project for years,
and periodically I run across old installations of Mailman at various
places I go on the 'net, and I do usually make a point of telling the
respective folks about the updated versions and where they can find
them.
But if you obscure your version number, then people like me cannot do
that for people like you.
--
Brad Knowles <brad at shub-internet.org>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
More information about the Mailman-Users
mailing list