On Sat, 2004-01-17 at 15:21, Dan Muey wrote: > > Which has made me wonder more then once if in a security > > through obscurity approach sites pass perl scripts off as ASP, etc. > > > Maybe, I don't see why I'd want to make people think I'm using insecure > stuff when I'm really using the best, but maybe.
Well just to throw people off. I've often contemplated throwing up a world readable /scripts directory on my server so anyone scanning my box would say, "ooooh, insecure IIS" and provide me with enough notice they were trying to hack me then if, for instance, they said "He's using Mandrake Linux, better hang around the mailing lists looking for the latest vulnerability". Of course, there's really not too much of value on my box besides Nethack bones files so I'm not too worried. > For instance I was talking to a gentleman who was showing me his new web server ($$$ > for Winders and IIS) with his new sexxy web app he was looking forward to using, and > he was proud because "He had connections that saved him 10% so he only paid $3000 > for it". I was shocked so I looked at his site with him and got a list of it's > "awesome features". > > That night I did the same thing in Perl and used the html/css from his site for the > looks and I showed him the next day and he about died because mine did everything > his did, looked the same and it was free. The only differenece was now he had a sort > of torn and bleeding feeling in his bottom LOL... -Dan -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] <http://learn.perl.org/> <http://learn.perl.org/first-response>
