Hi
Not Really,....Having XMail advertise the version etc, just makes the job a
little easier. Anyways there is no reason why one would need to display that
information.
It serves no actual purpose other than determining which SMTP is running and
its version. (This is exactly why I prefer not to display this information.)
At any time (not judging the codeat all :P) but a exploit could be found in
the furture, and having this information available would make you more
vulnerable to attack.
Just my 2c Worth, This is just my opinion.
Regards
Richard
On Tue 22 May 01 17:59, you wrote:
> On 22-May-2001 Richard Mayhew wrote:
> > Hi
> > Its better to have it removed for security purposes, so not to expose
> > which OS etc you are running.
>
> Same thing.
>
> 1) Hackers can distinguish between OSs by simply analyzing TCP/IP timings
> and behaviour
>
> 2) Hacker tools exploits are port dependent and not OS or application
> dependent. There nothing like this :
>
> if (OS == NT)
> {
> if (Browser == IE)
> {
> ...
> }
> }
>
> Since exploits are very short sends, 95% of times they're all tried
> ( obviously the last IIS exploit won't be tried on a port 25 ).
>
>
> So the only solution it You've a crappy OS or application is: change it :)
>
>
>
>
> - Davide
--
--------------------------------------------
Security Engineer - ISA - Johannesburg - South Africa
Tel : (011) 458 6869
Fax : (011) 458 6556
Cell : 083 3018307
SMS : [EMAIL PROTECTED]
HTTP : http://www.splash.co.za
-------------------------------------------
