[ On Thursday, June 16, 2005 at 13:29:01 (+0200), Christian Cernuschi wrote: ]
> Subject: Re: Cyrus Banner
>
> Someone where i work asked somebody else to run a security check with
> nessus.Nessus reports this as a minor problem.
Nessus isn't a "security checker" -- it's a lame-brained bass-ackwards
poor excuse for wasting time and resources.
> I know that it doesn't solve anything but it would be better for a clean
> report. (no comment)
Ineed. Any idiot who believes reducing the Nessus warnings will do them
any good deserves far more trouble than they'll likely ever get.
A proper exploit just gets the job done -- anyone running Nessus just
sticks their head in the sand and more often than not just ignores the
ongoing exploits.
The really funny thing though is when third-party auditors claim
exploits when their Nessus reports show "exploitable" version numbers,
even though the actual running software was patched months ago. :-)
It's a great excuse to not pay them and to tell them to go bugger off
get a real job that they're qualified for, such as digging ditches.
--
Greg A. Woods
Planix, Inc.
<[EMAIL PROTECTED]> +1 416 489-5852 x122 http://www.planix.com/
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
