NYCPHP Meetup

NYPHP.org

[nycphp-talk] Basic security question

Paul Reinheimer preinheimer at gmail.com
Wed Jul 14 15:55:12 EDT 2004


I never intended this to be the end all approach to my security (as
some seem to be under that impression), but instead combine it with
carefull coding, keeping packages up to date, apropriate firewall
rules, etc.

I hadn't really considered the trade offs to be that severe, but it
certainly seems to be something I should look at more closely.

I wasn't aware that tools capable of really determining what
applications was really running were that wide spread, I saw that one
had been updated recently on slashdot, but hadn't considered them that
common in script kiddie world.


paul




On Wed, 14 Jul 2004 15:50:44 -0400, Mitch Pirtle
<mitchy at spacemonkeylabs.com> wrote:
> Chris Bielanski wrote:
> 
> >I had a much longer response in preparation, but Andrew just nailed it.
> >Obscurity is not security. And yes, it only stops the timid assailant.
> >
> 
> Not anymore, the script kiddies' scripts are smart enough to not rely on
> the HTTP headers for server/OS identification, and many use NMAP for its
> fingerprinting prowess.  Perhaps the only thing you would fool is the
> next NIMDA variant, at best...
> 
> Whatever time you spend modifying your banners and HTTP headers is
> wasted, IMHO.
> 
> -- Mitch
> 
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>



More information about the talk mailing list