And the standard is to use insecure protocols also like telnet and ftp,
those that pass info in clear text rather than encrypt the data of the
user logging in and his secret for access, his password. Yet, those folks
in the know frown upon such protocols for external access, seeking to use
something that will encrypt either at least those credentials, or the
whole darned session. Face it, as folks learn, things change, and
obfuscating some info does no harm, cept to those bragging rights you want
to cling to, and most likely will work with other security tools and
practices to enhance the security of the systems in question.
Especially as tools are more and more developed to seek a particular
OS/service(s) combinations as the recent worms that sought out Red Hat and
Debian systems to infect and compromise after infecting and compromising
the machine they are then launched from.
Thanks,
Ron DuFresne
On Wed, 9 May 2001, Owen Boyle wrote:
> This is my last post on the subject since everyone else must be fed up
> by now.
>
> I accept that being secretive might reduce the number of hacks you are
> subjected to. My point is that every machine on the web will eventually
> get attacked and reducing the rate of attacks is not security - you
> will still get hacked eventually. You must be secure when the attack
> comes and you must assume the attacker knows or guesses trivial facts
> about your system.
>
> Your car analogy proves my point precisely. Some cars may be easier to
> steal than others - yet no manufacturer disguises the model or make of
> their car. If a problem arises with a particular model, the correct
> response is to get the lock fixed - not to ride around with your car
> under a sheet.
>
> I also agree the CIA etc. have had their websites corrupted from time to
> time but are you really suggesting this is *because* they print the
> Server signature? If so, why do they *still* print it? - straw-man
> argument, methinks.
>
> Finally, I am advocating the status quo so I don't have to give any
> compelling reasons why it should be so - it is up to you rebels to
> provide a compelling argument why we should all change. So far, I
> haven't heard one.
>
> Rgds,
>
> Owen Boyle.
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior consultant: darkstar.sysinfo.com
http://darkstar.sysinfo.com
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart
testing, only testing, and damn good at it too!