OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq archives for 1st quarter (Jan-Mar) 1999: Re: ISS Internet Scanner Cannot be relied upon for conclusive

Re: ISS Internet Scanner Cannot be relied upon for conclusive

Jim Trocki (trockijTRANSMETA.COM)
Thu, 11 Feb 1999 10:46:40 -0800

On Tue, 9 Feb 1999, David LeBlanc wrote:

> >How does ISS handle the NT example referenced above??
>
> We get that one right.  All the NT patch checks are based on file
> timestamps, not service pack numbers.  We have seperate checks for just
> service pack numbers, since you need less access to get the SP level than
> to get timestamps on system files.

C'mon. Haven't you learned to use digital signatures (like MD5) instead
of timestamps to identify files? A timestamp is a bunch of crap, and
it has no relation at all to the contents of the file. You could easily
build a database of MD5 hashes of the different DLLs which are included
in each different service pack, and use that to identify SP levels.


Jim Trocki <trockijtransmeta.com>
Computer System and Network Engineer
Transmeta Corporation
Santa Clara, CA