Re: Disable ZeroConf: how to ?

To: debian-devel@lists.debian.org
Subject: Re: Disable ZeroConf: how to ?
From: Philipp Kern <trash@philkern.de>
Date: Thu, 3 Mar 2011 16:08:43 +0000 (UTC)
Message-id: <[🔎] slrnimvf8a.ra8.trash@kelgar.0x539.de>
Reply-to: phil@philkern.de
References: <[🔎] 201103021825.32204.roucaries.bastien@gmail.com> <[🔎] 87pqq9kwd1.fsf@sonic.technologeek.org> <[🔎] 20110302225642.GC17584@ikki.ethgen.ch> <[🔎] 4D6EFE56.8030707@ubuntu.com> <[🔎] 20110303100247.GA20678@ikki.ethgen.ch> <[🔎] 87sjv4jybg.fsf@qurzaw.varnish-software.com> <[🔎] 20110303105413.GB20678@ikki.ethgen.ch> <[🔎] 1299151335.2561.17.camel@tacticus> <[🔎] AANLkTikC2z4-3c9QhBVDYbvsJyNc6yd6KOfK2OpSmbNH@mail.gmail.com> <[🔎] AANLkTinkQ=Q8wX45zbODT7WqUwX2OqjX_y5W-X-aJT2y@mail.gmail.com> <[🔎] 7xmxlcs288.fsf@fsck.linpro.no> <[🔎] AANLkTikXWCpRJgX3i33HsvMBJ+m9c5p8t6rYbQ-3wupe@mail.gmail.com>

On 2011-03-03, Bastien ROUCARIES <roucaries.bastien@gmail.com> wrote:
> Giving information on my system without admin concent is an
> information leak, and thus tag security...

Information leaks are leaks of *sensitive* information.  If I want to know if
you run phpmyadmin at its default location I just poll that URL and your
webserver will tell me.  If you don't run it there but in another path you'll
likely not know where to change it in the Avahi broadcast data.

And next time we get bugs about Iceweasel leaking its version number in the
User-Agent header, which I consider more sensitive (cf. Panopticlick).  But
then my mileage varies, as yours does, too.

We don't like security by obscurity, as you might know.

Kind regards
Philipp Kern

Reply to:

Follow-Ups:
- Re: Disable ZeroConf: how to ?
  - From: Yves-Alexis Perez <corsac@debian.org>

References:
- Disable ZeroConf: how to ?
  - From: Bastien ROUCARIES <roucaries.bastien@gmail.com>
- Re: Disable ZeroConf: how to ?
  - From: Julien BLACHE <jblache@debian.org>
- Re: Disable ZeroConf: how to ?
  - From: Klaus Ethgen <Klaus@Ethgen.de>
- Re: Disable ZeroConf: how to ?
  - From: Chow Loong Jin <hyperair@ubuntu.com>
- Re: Disable ZeroConf: how to ?
  - From: Klaus Ethgen <Klaus@Ethgen.de>
- Re: Disable ZeroConf: how to ?
  - From: Tollef Fog Heen <tfheen@err.no>
- Re: Disable ZeroConf: how to ?
  - From: Klaus Ethgen <Klaus@Ethgen.de>
- Re: Disable ZeroConf: how to ?
  - From: Lars Wirzenius <liw@liw.fi>
- Re: Disable ZeroConf: how to ?
  - From: Sujit Karatparambil <sujit.kmadhavan@gmail.com>
- Re: Disable ZeroConf: how to ?
  - From: Bastien ROUCARIES <roucaries.bastien@gmail.com>
- Re: Disable ZeroConf: how to ?
  - From: Stig Sandbeck Mathisen <ssm@debian.org>
- Re: Disable ZeroConf: how to ?
  - From: Bastien ROUCARIES <roucaries.bastien@gmail.com>

Prev by Date: Re: Help identify packages that multiarch support will break
Next by Date: Re: Help identify packages that multiarch support will break
Previous by thread: Re: Disable ZeroConf: how to ?
Next by thread: Re: Disable ZeroConf: how to ?
Index(es):
- Date
- Thread