Re: X-Mailer removing

From: Sami Sihvonen (ss@janiika.com)
Date: 06/17/02 

From: Sami Sihvonen <ss@janiika.com>
Date: Mon, 17 Jun 2002 17:57:03 +0300

In article <m3n0u0bv9x.fsf@sjosefsson-pc.se.eu.rsa.net>,
Simon Josefsson <simon@josefsson.org> wrote:

>>>> X-Mailer: Mozilla 4.72 [en] (X11; U; Linux 2.2.18 i686)

Let's take look at that above X-Mailer line more closely:

It tells that used browser is normal distribution version of Netscape
Navigator version 4.72. Old version of Netscape, source code available
for it and discussion about it's bugs widely available.

We also know that user uses Netscape for Usenet, so we can easily find
out when that computer is running Netscape. And maybe user will browse
web-pages at the same time user reads Usenet. Maybe user executes Java
code if we post it? Let's get information about Java-problems in that
Netscape version.

It tells us user is using english language version of Netscape. So we
know that we might have better results with english word list for
brute force password attacks.

And it tells us more: (X11; U; Linux 2.2.18 i686). So user is using
GNU/Linux with X Window System, kernel version 2.2.18 in Intel Pentium
based computer.

Now that we know this much, it is not hard to guess what software is
installed and running on that kind of system. We could also post a
fake question to find out which Linux distribution is used, then we
would know more details.

And ofcourse there are other ways to add our knowledge of used system.
To check users Usenet postings we might find a lot of information.
Reading users other news headers might give more information. And to
access that machine on-line using different ways might give out
something.

Less information about system means better security, it is harder to
attack if you don't know what you attacking. Because of this it is bad
that X-Mailer gives out so much information. 

-- 
Sami Sihvonen,
Chief Executive Officer,
Janiika Networks Corporation.