1 comment

[ 3.2 ms ] story [ 12.4 ms ] thread
I practice what I refer to as "Security by Obfuscation".

That's not quite the same as "Security by Obscurity".

I got the idea from O'Reilly's book on Apache Security. It recommends that one configure httpd to identify itself as Microsoft Internet Information Server. That way, unless someone specifically know you're using Apache, they're likely to waste lots of time trying out Windows, ASP.Net and IIS exploits.