21 Comments
- XPpro, on 07/06/2009, -1/+20
Pointless article,
http://en.wikipedia.org/wiki/Security_through_obsc ...
There are many ways you can get the software version of a server, not just through Server Header. For example:
http://www.net-square.com/httprint/
- mjk340, on 07/07/2009, -1/+19
If you want your server to be hack proof, put it in a locked room and don't connect it to the internet.
- merreborn, on 07/07/2009, -0/+18
Wow. Total non-story.
Here's the summary for anyone who wants to save themselves 30 seconds scanning the article:
Install mod_security and set the SecServerSignature directive.
Meanwhile, if you actually want to learn something useful, bone up on mod_security itself:
http://www.modsecurity.org/documentation/modsecuri ...
- inactive, on 07/07/2009, -3/+19
Just ping it. If it crashes, you got yourself a Windows server.
- TVarmy, on 07/07/2009, -1/+14
My server is imaginary, and I ask people I meet on the street to think about my server. Then I ask them not to think about it ever again. That forces them to involuntarily consider my server constantly, making for a highly redundant system.
The only problem is that most computers don't come with enough imagination to access my server. But that also means those computers can't hack my server.
- billricardi, on 07/06/2009, -0/+13
I ran an experiment years ago on Security by Obscurity. It involved running a web server on an emulated Mac OS 7.5.3 from Redhat with the logs in multiple different languages.
Yeah, it was pretty much as meaningless as this article.
- Aero347, on 07/07/2009, -0/+11
I can still burn down the room =( hacked.
- WorldGroove, on 07/07/2009, -0/+7
Oh... and I forgot. Don't go running that nmap command on any network that is not your own. A moderately secure corporate intranet will see it as an attack; a VERY NOISY attack (dozens of suspicious packets in a few seconds) and it will point right to you and you'll be fired instantly. You've been warned.
- WorldGroove, on 07/07/2009, -0/+6
Doesn't stop anyone but beginner-script-kiddies. No real hacker was stopped because the Server Header was incorrect/missing. On Linux, try running nmap -T4 -A <IPADDRESS> ....and there are certain common webservers so a hacker just needs to guess it. And, check out metasploit.com.
- Aero347, on 07/07/2009, -1/+6
*****. Epic. Comment. ^
- inactive, on 07/07/2009, -0/+4
Ahhhh too late!
- Aero347, on 07/07/2009, -0/+4
You. *****. Idiot.
- Codes02, on 07/07/2009, -0/+2
Wait.... so instead of fixing bugs we should hide clues that they exist?
Somehow I think that would be a bad idea.
- ha3er0, on 07/06/2009, -0/+2
httprint didn't work on it. Am I missing something?
It was last updated in 2005.
- redfox2600, on 07/07/2009, -0/+2
If you blow up your server no one can hack it and do any meaningful additional damage.
- Aero347, on 07/07/2009, -1/+3
Johan Marcus has lost his mind. Billy Mays cannot rest in peace while someone as dumb as you uses that many capital letters. You've offended me and you've offended Billy, it's only a question of who gets to you first.
- JohnnySoftware, on 07/12/2009, -0/+1
Okay, how many undisclosed security-related bugs exist in Internet Information Server right now?
It's already hidden from the public. Customers and users in the large don't know what they are. Hackers know. Hackers do not only use vulnerabilities - especially only ones the manufacturer has announced or patched.
Many of them are also out there looking for them. Even non-technical users are going to find vulnerabilities by accident from time to time. They are just not computer literate at a low-enough level to recognize them.
So, I can see where there is a temptation to hide information about the server you are running, especially if it is already being heavily exploited. However, you do that enough and hackers are just going to brute force the hacks in, trying one after another - and continuing to do so until one sticks to the wall. Then, move to the next server.
If you live in a glass house, covering up the street number next to your door is not going to make the problems go away.
- talonh, on 07/07/2009, -2/+3
louiebaur submits lame story written by former digg user pavelmah and it makes the front page despite having no real info. Looks like the algo still has a ways to go...
- ArchangelZLT, on 07/07/2009, -0/+1
I miss /.'s modding system, where this guy would promptly receive a -1 troll on each of his posts.
- inactive, on 07/07/2009, -8/+1
TOO MANY PERIODS IN THERE BIG GUY
IM NOT EVEN USING PERIODS AT ALL
BECAUSE IM NOT A WOMAN
A WOMAN HAS A PERIOD
THAT'S YOU
ARE YOU BLEEDING FROM YOUR GENITALS? BECAUSE THAT'S WHAT YOU'RE COMMUNICATING RIGHT NOW
I BET YOU FEEL ALL SORTS OF DUMB NOW
MESS WITH THE WHIP AND YOU'RE GONNA GET LASHED
Johan Marcus Guy.
- inactive, on 07/07/2009, -15/+0
Johan Marcus Guy here!!!!!!
Hey, SO HERE'S THE DEAL:
I was so excited that my server could run on caffeine!!! You know, ever since I won that lifetime supply of folger's coffee contest by naming their new coffee "amaretto sunshine."
I'm thinking JOHAN MARCUS, JOOOOOHAAAAAAN MARCUS
YOU
NEED
THIS
so badly...
BUT WHATS THIS ABOUT A REPOSITORY?
I WONT PUT A SERVER UP ANY ORIFICE AS A GENERAL POLICY
(I've had bad experiences in the past with an I-phone)
((amaretto sunshine enemas are exempt from this rule))
YEAH YEAH YEAH YEAH YEAH YEAH YEAH YEAH YEAH
brapbrapbrapbrap
LISTEN I GOT TO GET GOING
JOHAN MARCUS GOY
JOHAN MARCUN GUY
JOHANUS MARCOLO GUY


