On 16.12.2017 21:25, Daniel Shahaf wrote:
> Eric Johnson wrote on Sat, Dec 16, 2017 at 07:05:52 -0800:
>> Hiding that information slows the drive-by attackers down,
> Hiding that information is a pretty clear signal that "I think I'm an
> interesting target", though. Everyone who's serious about s
Eric Johnson wrote on Sat, Dec 16, 2017 at 07:05:52 -0800:
> Hiding that information slows the drive-by attackers down,
Hiding that information is a pretty clear signal that "I think I'm an
interesting target", though. Everyone who's serious about security knows
that the right answer is to config
Hiding the version information is but a piece of the puzzle. It won’t save
a server from a persistent attacker. However, hiding the server software,
and the software version, makes it harder for “drive-by” attackers to
discover that your server is vulnerable. They don’t generally want to spend
the
On 12/16/2017 5:38, Branko Čibej wrote:
On 15.12.2017 16:15, Dhanushka Parakrama wrote:
Hi All
Is there any configuration where i can hide the subversion version
details .Please see copied image Inline images 1
You could start by telling us *where* you see that image. In a browser,
I presume
OT, but you can see one here:
http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-44ver2.pdf
(specifically, section 5.1: Reconfigure HTTP service banner (and others as
required) not to report Web server and OS type and version )
There are, of course, mandates to use up to date s
This sounds like the ServerSignature directive
https://httpd.apache.org/docs/2.4/mod/core.html#serversignature
Have you turned it off?
On Fri, Dec 15, 2017 at 7:15 AM, Dhanushka Parakrama <
parakrama1...@gmail.com> wrote:
> Hi All
>
> Is there any configuration where i can hide the subversion
On 15.12.2017 16:15, Dhanushka Parakrama wrote:
> Hi All
>
> Is there any configuration where i can hide the subversion version
> details .Please see copied image Inline images 1
You could start by telling us *where* you see that image. In a browser,
I presume? Generated by which server? It's cer
On 15.12.2017 20:10, Matt Simmons wrote:
> Many documents relating to information security compliance require
> blocking visible software version information.
Interesting documents. I'd have expected them to require all software to
be patched to fix all known security bugs. I thought the "security
Many documents relating to information security compliance require blocking
visible software version information.
On Fri, Dec 15, 2017 at 10:46 AM Nico Kadel-Garcia wrote:
> Why would you want to hide this?
>
> On Fri, Dec 15, 2017 at 10:54 AM, Dave Huang wrote:
> > On Dec 15, 2017, at 9:15,
Why would you want to hide this?
On Fri, Dec 15, 2017 at 10:54 AM, Dave Huang wrote:
> On Dec 15, 2017, at 9:15, Dhanushka Parakrama
> wrote:
>
>
> Hi All
>
> Is there any configuration where i can hide the subversion version details
> .Please see copied image
On Dec 15, 2017, at 9:15, Dhanushka Parakrama wrote:
>
> Hi All
>
> Is there any configuration where i can hide the subversion version details
> .Please see copied image
I think that's controlled by the Apache ServerSignature configuration option
(https://httpd.apache.org/docs/2.4/mod/core.
Hi All
Is there any configuration where i can hide the subversion version details
.Please see copied image [image: Inline images 1]
12 matches
Mail list logo
