Re: CRIME Netcraft Ethics

From: Alan (alan@private)
Date: Sun Jun 23 2002 - 10:31:12 PDT

  • Next message: SCRIMSHER,JOHN (HP-Corvallis,ex1): "RE: CRIME EarthLink Password Security Story"

    On Fri, 2002-06-21 at 15:45, Crispin Cowan wrote:
    > Jimmy S. wrote:
    > 
    > >I would like to pose a question?  Does anyone else have a problem with
    > >Netcraft sweeping the web looking vulnerable servers to latest IIS buffer
    > >overflow?
    > >
    > Considering that bad guys can (and do) do exactly the same thing, but 
    > with malicious intent, I have no problem at all with Netcraft collecting 
    > this data. As brvarian said, if you don't want this data collected, 
    > don't advertise it. If you are even half-way concerned about security, 
    > then you should not be advertising (accurate) application banners anyway.
    
    Sounds like a useful module for Apache.  "mod_random_version" Have
    Apache return with a randomly generated bogus version each time it is
    contacted.
    
    But if that happened, Apache's percentage in the Netcraft stats would go
    down and the terrorists would win. 
    



    This archive was generated by hypermail 2b30 : Sun Jun 23 2002 - 12:34:43 PDT