On 11.08.2012 14:17, Michael Meyer wrote:
>> "Security By Obscurity" is not a good security
>> but it is a damned good ADDITIONAL security for still hardened machines
>
> No. It implies no safety gain

you really try to explain me that there is no difference between hide what webserver type you are running instead blowing out

Server: Apache/2.2.16 (Debian) PHP/5.3.3-7+squeeze6 with Suhosin-Patch mod_python/3.3.1 Python/2.6.6 mod_ssl/2.2.16 OpenSSL/0.9.8o
X-Powered-By: PHP/5.3.3-7+squeeze6

with each single response?

this is nonsense!

automated attacks are searching vulnerable systems all day long and they try not all theoretical exploits on every machine as long the host does not spit out its configuration and there are millions of other with a hint to exact matching exploits
_______________

the same as example for phpMyAdmin

all day long robots try to find phpMyAdmin-Setups with standard locations and after they found one on your machine they will try to exploit it - if your URL is not in their lists you have much lesser intrusion attempts, and yes this can make a difference if there is a known vulnerability if someone finds your setup automated today while you update tomorrow your software

_______________________________________________
Openvas-discuss mailing list
[email protected]
http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
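
Added example, not part of the original message or of OpenVAS: a small audit check that lists every product/version token a response discloses in its Server and X-Powered-By headers, run over the two header lines quoted in the message. The function names and the MINIMAL sample are assumptions made for illustration.

```python
import re

# Headers that commonly carry product/version banners.
BANNER_HEADERS = ("server", "x-powered-by")

# product/version token such as Apache/2.2.16 or PHP/5.3.3-7+squeeze6
TOKEN_RE = re.compile(r"([A-Za-z][\w.-]*)/(\d[\w.+~-]*)")


def parse_headers(raw):
    """Parse a raw header block into a list of (name, value) pairs."""
    headers = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t" and headers:
            # obsolete folded continuation line: append to the previous value
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers


def disclosed_versions(raw):
    """Return sorted (header, product, version) tuples exposed by banner headers."""
    found = set()
    for name, value in parse_headers(raw):
        if name.lower() in BANNER_HEADERS:
            for product, version in TOKEN_RE.findall(value):
                found.add((name, product, version))
    return sorted(found)


# The two headers quoted in the message above, plus a constructed minimal banner.
VERBOSE = (
    "Server: Apache/2.2.16 (Debian) PHP/5.3.3-7+squeeze6 with Suhosin-Patch "
    "mod_python/3.3.1 Python/2.6.6 mod_ssl/2.2.16 OpenSSL/0.9.8o\r\n"
    "X-Powered-By: PHP/5.3.3-7+squeeze6\r\n"
)
MINIMAL = "Server: Apache\r\nContent-Type: text/html\r\n"  # constructed sample

if __name__ == "__main__":
    for header, product, version in disclosed_versions(VERBOSE):
        print(f"{header}: {product} {version}")
    print("minimal banner findings:", disclosed_versions(MINIMAL))
```

On Apache httpd the level of detail in the Server header is set by the ServerTokens directive, and PHP's X-Powered-By header by the expose_php setting.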
