Rocco,

My point was not about the merits or demerits of hiding version info, but about the reference to "PCI" that you gave. If it is a commonly referenced security standard, I must have been living under a rock because I had never heard of it till today.
While we are at it, why does your own mail server disclose version info?

220-server.it-doc24.com ESMTP Exim 4.69

--
Hari

On 11/28/09 1:39 PM, IT-Doc24 Ltd. - Rocco Radisch wrote:-
> That is right. It's not an internet standard but a commonly used security
> standard. Not only for the payment card industry but also for
> web/internet server/services security audits amongst some other security
> "recommendations". E.g. in case the website would process credit card
> information.
> Whether it's a must or not, a standard or a recommendation, just go by
> logic. Do you want to hand out (disclose) the version information of a
> running service? Indicating which vulnerabilities the service has?
> Believing the banner, Postfix 2.3.3 was released in Aug/Oct 2006 .......
>
> Hari Kurup wrote:
>> On 11/28/09 12:21 PM, IT-Doc24 Ltd. - Rocco Radisch wrote:-
>>
>>>>> (the version information should be cut out, called banner, it's against
>>>>> PCI recommendation)
>>>>>
>>> https://www.pcisecuritystandards.org/
>>>
>>
>> right, so PCI stands for "Payment Card Industry"
>> They make standards that apply "to all organizations which hold,
>> process, or pass cardholder information from any card branded with the
>> logo of one of the card brands"
>> (ref:
>> http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard)
>>
>> As they don't make internet standards (that is the work of the IETF), I
>> don't see why you would base on their recommendations unless you are one
>> of the said organisations.
>>
>> --
>> Hari
>> _______________________________________________
>> LUG mailing list
>> [email protected]
>> http://kym.net/mailman/listinfo/lug
>> %LUG is generously hosted by INFOCOM http://www.infocom.co.ug/
>>
>> The above comments and data are owned by whoever posted them
>> (including attachments if any). The List's Host is not responsible for
>> them in any way.
>> ---------------------------------------
