On 01/08/2012 04:24 PM, Reindl Harald wrote:
and you think that some random examples prove anything?
some webserver logs are showing nothing about real exploits

there was and there will be exploits you will never see
in your webserver-log because if they worked CODE was
executed in the context of your webserver

fact is that nobody out there needs to know your software-version
for something useful and one of the most important rules in
server-administration disable and disclose ANYTHING which is not
explicit needed to prevent exploit-cases you can not imagine
while configure your machine

Umm aren't you saying precisely what everyone is saying?

"fact is that nobody out there needs to know your software-version for something useful"

Which was the point of my weblog examples. I am aware that it means nothing except someone tried something. The fact is people don't need the software version to exploit. So displaying changes nothing. That seems to be the point of this thread.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Reply via email to