There’s always much talk about systems which are insecure by default. The usual point being made is that a not-so-tech-savvy or uninformed user will be running an insecure setup without ever noticing. But what of the (supposedly) tech savvy people that offer their skills as a service? ### Incompetence as a service Hosting services are definitely not known for staying on the bleeding edge of software. In fact, they’re not known for staying up to date either. But running a PHP version from 2009 while also proudly delivering a
header to every get request is something new entirely. It gets even better, when you call the helpdesk and complain about it they
As a conclusion,
last but not least, do not insert easter eggs in your software if they can have an impact on security (I am looking at you PHP)!
Why would you EVER want to expose your software version on a production system?!