[nycphp-talk] Basic security question
Mitch Pirtle
mitchy at spacemonkeylabs.com
Wed Jul 14 15:50:44 EDT 2004
Chris Bielanski wrote:
>I had a much longer response in preparation, but Andrew just nailed it.
>Obscurity is not security. And yes, it only stops the timid assailant.
>
Not anymore, the script kiddies' scripts are smart enough to not rely on
the HTTP headers for server/OS identification, and many use NMAP for its
fingerprinting prowess. Perhaps the only thing you would fool is the
next NIMDA variant, at best...
Whatever time you spend modifying your banners and HTTP headers is
wasted, IMHO.
-- Mitch
More information about the talk
mailing list