Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: [Roy Schestowitz cannot stop lying] [Rival] Another Major Site Runs Windows, Serves All Visitors with Malware After PWNAGE

On Sun, 11 Nov 2007 20:02:23 GMT, ed wrote:

> On Sun, 11 Nov 2007 13:29:44 -0600
> Erik Funkenbusch <erik@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> 
>> Yes, I have shown the server is not IIS, because it cannot be IIS.
> 
> Because of a file extension? If one is going to obfuscate through
> headers, then why not with file extensions?

That's a circular argument.  The argument was that nobody would bother to
obfuscate their server heard, so why would they obfuscate their file
extension if they weren't going to obfuscate their server header?

Obfuscating the file extension is even further evidence that the server
header can't be trusted.

> BTW. It's pretty easy to remove ASP session cookies.

Just a data point.

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index