On Wed, 16 Jan 2002, Stefano Mazzocchi wrote:

> > I would rather call it 'partial security thru transparency'; if a
> > malicious attacker gets no unnecessary hint where to begin, the difficulty
> > of the task rises at least a magnitude.
>
> Oh, please, look at your webserver logs... how many 'IIS-related' errors
> you get daily? I bet a ton. Some ASF members counted that it may take as
> low as 30 minutes (!!!) to get discovered and attacked.

Actually I enabled a web server that was Nimda'd in 1 minute flat just a
few weeks ago (Apache of course, so no threat). However there's a big
difference between automated attacks and orchestrated ones.

However I'm not arguing for security through obscurity. Not at all. e.g.
Apache can be discovered through header fingerprinting, as can IIS.

-- 
<!-- Matt -->
<:->Get a smart net</:->

