http://lwn.net/Articles/201470/ This is a special feed containing comments posted to the individual LWN article titled "Searching for Insecurity". hourly 2 http://lwn.net/Articles/201976/rss 2006-09-29T18:32:56+00:00 giraffedata <blockquote> There is absolutely no reason at all to tell the attackers the exact version of software you are running </blockquote> <p> There's a good reason to tell the attackers the version of the software: You can't know that the person you're telling is an attacker, and non-attackers have lots of good uses for that information. It's especially useful in diagnosing problems. It's also handy in release management. <p> I believe obscurity usually improves security. But that improvement does come at a cost. http://lwn.net/Articles/201860/rss 2006-09-29T06:01:05+00:00 rahulsundaram <p> Security through obscurity is ok as long as you dont rely on it completely. It sometimes does gives you a grace period or layer of security as passive defense. <br> http://lwn.net/Articles/201630/rss 2006-09-28T08:55:06+00:00 dion Well, doesn't it really show that obscurity would lead to better security?<br> <p> There is absolutely no reason at all to tell the attackers the exact version of software you are running, but doing so just makes it easy to for the attackers to find you when an exploit is published.<br> <p> The majority of attackers don't go after one particular host and try to crack it, they just scan the net (or search google) and attack the hosts what seem vulnerable.<br> <p> Keeping the software name/version obscure will prevent the casual attacks and hopefully give you time to patch the system before someone determined to attack you does so.<br> <p> http://lwn.net/Articles/201604/rss 2006-09-28T05:02:12+00:00 Felix.Braun This just goes to show once more that security through obscurity is no security at all.<br>