delphij's Chaos

The word chaos was chosen because it is really hard to find a more fitting word to describe this place...

19 May 2005

Why should you not hide version.bind?

This article has suggested a way of hiding the version.bind string. From a security perspective, this is overkill and can usually be harmful:

  • While it’s true that you can hide version.bind, the fact that version.bind can be queried reveals that you are running BIND. It makes little sense to fake a version.
  • Feeling a need to hide information that does not need hiding, as here, means that the system administrator is neglecting security.
  • Therefore, FOREACH(version.bind is queryable and is hidden) HACKEM :-)

Security can NOT be built on what others are not aware of.
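
An added example, not part of the original post, illustrating the first bullet: it builds the `version.bind` CH TXT query and parses a reply, showing that a server returning a replaced string still answers the query. The response bytes and version strings are constructed samples, and all function names are this example's own.

```python
import struct

CH, TXT = 3, 16  # DNS class CHAOS, record type TXT

def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def build_query(qid=0x1234, name="version.bind"):
    """Wire form of a `version.bind CH TXT` query (what `dig ... chaos txt` sends)."""
    return struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", TXT, CH)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # two-byte compression pointer ends the name
            return off + 2
        off += 1 + n

def parse_txt_answer(msg):
    """Return (rcode, [TXT strings]) taken from the first answer record."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # name, then QTYPE and QCLASS
    texts = []
    if an:
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        end = off + rdlen
        while rtype == TXT and rclass == CH and off < end:
            n = msg[off]
            texts.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n
    return flags & 0x000F, texts

def answers_version_bind(msg):
    """True if the reply carries a CH TXT answer, whatever the string says."""
    rcode, texts = parse_txt_answer(msg)
    return rcode == 0 and bool(texts)

def make_response(text):
    """Constructed sample reply, as a server with a replaced string might send."""
    rdata = bytes([len(text)]) + text.encode("ascii")
    rr = b"\xc0\x0c" + struct.pack("!HHIH", TXT, CH, 0, len(rdata)) + rdata
    return struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0) + build_query()[12:] + rr
```

Whether the string is real or faked, `answers_version_bind` returns the same result; only a reply with no CH TXT answer (for example REFUSED) looks different.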