rss or mobile?

^ Yes Mak you are right, there is a reason we don't give that information away. Spear Phishing and remote exploits are two reasons that come to mind.
 
How detailed would information about what OS people are using to visit a site have to be for it to be considered dangerous? For example would releasing that of the visitors to site xyz 40% use Windows 7, 20% use XP, 20% use Vista, 10% use OSX and 10% use Linux be hazardous or would the info need to be more specific than that?
 
It would not be posted by individuals, I believe what people are referring to here is just data included in the user agent string. These are provided to the site by your browser (unless you have something in place to spoof or mask them out). Take a look here: UserAgentString.com - Netscape version 4.0.
You can see this sort of information collected anonymously and used for statistics on other sites.
 
How detailed would information about what OS people are using to visit a site have to be for it to be considered dangerous? For example would releasing that of the visitors to site xyz 40% use Windows 7, 20% use XP, 20% use Vista, 10% use OSX and 10% use Linux be hazardous or would the info need to be more specific than that?

Even posting that information can be hazardous. I mean just look at the Windows update cycles from the time a known exploit is released and the patch comes out. Your talking about a month's time that someone could know exactly how many users they could easily infect with a specific exploit before it is patched.

So lets say that All Windows versions are at risk. That means by posting that information that 80% of our members would be at risk of someone knowing that they are at risk and that they could be subject to an infection from just visiting our site.

Could you feel comfortable knowing that could happen to you? Now imagine you are a first time visitor and it happens. What are the chances you come back?

kmote is right about the user agent string, and i can tell you that it isnt that hard to dupe that little detection mechanism either.

The fact is it isnt going to happen. We are not going to release the information about how many of our users use a specific OS. With the amount of viruses that are out there, exploits that are found almost daily for so many different version of all OS's we are not willing to risk our members safety so people can have some information that isnt necessary for anything relevant to them. Just to fulfill their curiosity.

I will find out about the % of people checking from mobile devices, as that information can range from a phone to an iPod touch and so on that it is very difficult to arrange an attack against a specific device. But as far as the OS debate goes, it aint happening. No amount of griping, no amount of trying to sway that decision is going to work. Sorry but that is the way it is going to be.
 
Even posting that information can be hazardous. I mean just look at the Windows update cycles from the time a known exploit is released and the patch comes out. Your talking about a month's time that someone could know exactly how many users they could easily infect with a specific exploit before it is patched.

So lets say that All Windows versions are at risk. That means by posting that information that 80% of our members would be at risk of someone knowing that they are at risk and that they could be subject to an infection from just visiting our site.

Could you feel comfortable knowing that could happen to you? Now imagine you are a first time visitor and it happens. What are the chances you come back?

Ah, ok it's good to know the reasoning behind it. Although it seems like people assuming what percentage of visitors will be made up by a specific os according to it's market-share would be a pretty accurate approximation.

I wouldn't feel any less comfortable with attackers knowing that I have x% probability of running a specific os since I already assume they are picking their targets based off of similar data but I suppose it's a case of avoiding doing anything that could potentially make members here a higher priority target than usual.

I'm not arguing for releasing the statistics at all. I just wanted to better understand the risks surrounding them for future reference.
 
Even posting that information can be hazardous. I mean just look at the Windows update cycles from the time a known exploit is released and the patch comes out. Your talking about a month's time that someone could know exactly how many users they could easily infect with a specific exploit before it is patched.

So lets say that All Windows versions are at risk. That means by posting that information that 80% of our members would be at risk of someone knowing that they are at risk and that they could be subject to an infection from just visiting our site.

Could you feel comfortable knowing that could happen to you? Now imagine you are a first time visitor and it happens. What are the chances you come back?

kmote is right about the user agent string, and i can tell you that it isnt that hard to dupe that little detection mechanism either.

The fact is it isnt going to happen. We are not going to release the information about how many of our users use a specific OS. With the amount of viruses that are out there, exploits that are found almost daily for so many different version of all OS's we are not willing to risk our members safety so people can have some information that isnt necessary for anything relevant to them. Just to fulfill their curiosity.

I will find out about the % of people checking from mobile devices, as that information can range from a phone to an iPod touch and so on that it is very difficult to arrange an attack against a specific device. But as far as the OS debate goes, it aint happening. No amount of griping, no amount of trying to sway that decision is going to work. Sorry but that is the way it is going to be.


Good point about it. It seems like this information is pretty harmless...but it does give them a clue. "Oh 30% of the users use XXX OS..that means I have a pretty good chance and if that fails another XX% use XXX OS".

But more on topic, I do visit T-F regularly on my phone when I'm waiting on class to start. And the site is a huge PITA to get anywhere. Really big on a phone screen, have to scroll forever in order to get anywhere, loads freaking (like it'll have the same layout as it does on PC...but the thread titles will be centered instead of against the box thing), etc etc. So yea, I think it'd be pretty cool to have a mobile version of the site.

I'd rank it more as a luxury than a necessity though.
 
Having a mobile version is still something we want to do. I've said it before and I will say it again. I'm not sure how vB4 is situated for setting up a mobile version but if it can then it would make that possibility much more likely when we upgrade. Right now we are waiting for vB to work out the bugs before we dive in blindly.
 
Having a mobile version is still something we want to do. I've said it before and I will say it again. I'm not sure how vB4 is situated for setting up a mobile version but if it can then it would make that possibility much more likely when we upgrade. Right now we are waiting for vB to work out the bugs before we dive in blindly.

yea...never did think of that. I'm sure forum based like vB would be a lot harder to convert then just plain html
 
Back
Top Bottom