[Standards-JIG] Re: Client Capabilities (rant)
dot at dotat.at
Mon Dec 5 23:01:04 UTC 2005
On Sat, 3 Dec 2005, Trejkaz wrote:
> Actually, giving away even the client version is often considered to be a
> security hole. If a fix comes out for FooClient 1.2 and you're running a
> client which tells everyone you're running FooClient 1.1, you're definitely
> at risk.
Most exploits ignore any version information and go ahead regardless. All
they care about is whether the exploit succeeds or not. Of course, you
might be running a patched FooClient 1.1 which is not exploitable but
which to casual observers might appear to be.
f.a.n.finch <dot at dotat.at> http://dotat.at/
BISCAY: WEST 5 OR 6 BECOMING VARIABLE 3 OR 4. SHOWERS AT FIRST. MODERATE OR