[EMAIL PROTECTED] writes: > Scott... The point I'm trying to make, is that we need to tighten up > security regardelss of the operating system. Indeed, I got the same info > on my RH box... Personally, I don't like the idea of "advertising" any > information through my browser or any other system application to the rest > of the world.
I don't disagree with that point. The point I am making is that this site should make folks think a little differently about security. People too often see a firewall as a panacea and don't realize all the potential vectors for potential attack. And understandably, people don't always recognize issues they should worry about (Java, Javascript) vs those they shouldn't in most cases (http header information such as browser and OS release) The nice thing about a site like this is that it gets a conversation going. I said it before and I'll say it again, one of your goals should be to NOT be surprised by anything returned by such a site or a remote port scan. * * I'm not sure why John is concerned about the site requiring indemnification for doing these scans. That's completely expected as scans have been known to crash systems in the past. -- Scott Harney<[EMAIL PROTECTED]> "...and one script to rule them all." gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5
