undefined | Better HN

0 pointsAstralStorm6y ago0 comments

How is sending a patch level a vulnerability? It only makes things easier to scan, not to exploit.

(And you shouldn't trust that data anyway.)

0 comments

If every site responded, upon request, with their patch level, a database could easily be created.

Or a scan becomes that much easier to perform on 100,000 endpoints - and then your targeted attacks can begin on only vulnerable systems. 'Exploiters' waste a lot of time trying non-vulnerable systems.

The less information your server exposes to the outside, the better.

j / k navigate · click thread line to collapse

0 pointsAstralStorm6y ago0 comments

How is sending a patch level a vulnerability? It only makes things easier to scan, not to exploit.

(And you shouldn't trust that data anyway.)

0 comments

deaps6y ago

If every site responded, upon request, with their patch level, a database could easily be created.

The less information your server exposes to the outside, the better.

j / k navigate · click thread line to collapse