> Your reasoning lacks in ethics; you're hoping hackers will go after the
> next company instead of you because it's easier to pick them out in a
> crowd.  Assuming all people hid their server signatures, as you desire,
> your logic would cease to function because there would be no easy
> targets and hackers might simply toss an attack attempt against each
> host instead of blindly requesting headers.

Does this make the person who fits a burglar alarm unethical? I don't think
so. That's as daft as saying using 128-bit servers encourages hackers to
attack 40-bit IIS servers (as if they need much encouragement).

There are around 24 million web servers in the world. 14.4 million (approx)
are running Apache. Let's assume that half of those haven't been regularly
updated (I think I'm being generous here). 

So if everyone hid their headers automatically you could halve your
statistical chance of being hacked (it's probably much less than that).
After all, Jo Hacker has to attempt a brute force attack against up to 14.4
million servers to find a vulnerable one. 

Incidentally, I've been burgled four times in the past five years. Three of
those were to our garage. One attempt on the garage ended in failure
(perhaps he/she was disturbed). One attempt on the house destroyed our back
door. This has been replaced with a security door. Someone did recently try
to get in, but couldn't and moved on elsewhere.

Hackers should do the same!

- 
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
