Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for December 5, 2013
Deadline scheduling: coming soon?
LWN.net Weekly Edition for November 27, 2013
ACPI for ARM?
LWN.net Weekly Edition for November 21, 2013
This just goes to show once more that security through obscurity is no security at all.
Searching for Insecurity
Posted Sep 28, 2006 8:55 UTC (Thu) by dion (guest, #2764)
There is absolutely no reason at all to tell the attackers the exact version of software you are running, but doing so just makes it easy to for the attackers to find you when an exploit is published.
The majority of attackers don't go after one particular host and try to crack it, they just scan the net (or search google) and attack the hosts what seem vulnerable.
Keeping the software name/version obscure will prevent the casual attacks and hopefully give you time to patch the system before someone determined to attack you does so.
Posted Sep 29, 2006 6:01 UTC (Fri) by rahulsundaram (subscriber, #21946)
Security through obscurity is ok as long as you dont rely on it completely. It sometimes does gives you a grace period or layer of security as passive defense.
Posted Sep 29, 2006 18:32 UTC (Fri) by giraffedata (subscriber, #1954)
There is absolutely no reason at all to tell the attackers the exact version of software you are running
There's a good reason to tell the attackers the version of the software: You can't know that the person you're telling is an attacker, and non-attackers have lots of good uses for that information. It's especially useful in diagnosing problems. It's also handy in release management.
I believe obscurity usually improves security. But that improvement does come at a cost.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds