[Standards-JIG] Re: Client Capabilities (rant)

Tony Finch dot at dotat.at
Mon Dec 5 23:01:04 UTC 2005


On Sat, 3 Dec 2005, Trejkaz wrote:
>
> Actually, giving away even the client version is often considered to be a
> security hole.  If a fix comes out for FooClient 1.2 and you're running a
> client which tells everyone you're running FooClient 1.1, you're definitely
> at risk.

Most exploits ignore any version information and go ahead regardless. All
they care about is whether the exploit succeeds or not. Of course, you
might be running a patched FooClient 1.1 which is not exploitable but
which to casual observers might appear to be.

Tony.
-- 
f.a.n.finch  <dot at dotat.at>  http://dotat.at/
BISCAY: WEST 5 OR 6 BECOMING VARIABLE 3 OR 4. SHOWERS AT FIRST. MODERATE OR
GOOD.


