Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [Dailydave] Herps
From: wirepair (wirepairroguemail.net)
Date: Fri Feb 27 2004 - 20:28:38 CST
I know exactly what you mean, I always strip that stuff out. It also depresses me when a client uses
a web based tool such as mcafee and freaks out because I 'didn't find' the ICMP timestamp crap. I even
went as far as creating a database for nessus where i can plugin the 'relevant' plugin id's (also to correct
a lot of the false information in the plugins). Ah well,
On Fri, 27 Feb 2004 20:01:15 -0500
Dave Aitel <daveimmunitysec.com> wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>So I just finished a week-long assessment of a software product and
>didn't even find a way to crash it. This sort of thing is very
>depressing to me, but does occasionally happen. It's like another
>assessment I did recently of a web application where the most
>interesting thing I found was cross-site-scripting.
>I occasionally hear people say "We always find something in our
>assessments. We've never failed to get in." Usually the way they
>justify this is by putting ICMP timestamp on their deliverables (or
>the equivalent - can we just take that out of Nessus now and stop
>having to see it ever again? So many other protocols (SMB and RSYNC
>for example) give you the current time that it's really not an issue.
>It's really not. Please, please take it out of your vulnerability
>database, nessus team, if you read this).
>I have to think that if you find something major on everything you
>assess that you are:
>1. Way ahead of your time, skill-wise...like the ADM/ISS X-Force
>people, various people on this list who hate being named, MaXX, etc.
>2. Fooling yourself. Most likely you need to do harder projects (Peter
>Winter-Smith - shareware.com will run out of windows servers
>eventually...why not try to find something in Redhat 9?). One fun game
>is to look at something that just had an advisory released on it. Then
>go find something on that. This is also a very productive game,
>because everyone will have just updated, and so they will all have the
>same version. If the product was really buggy, whoever looked at it
>the first time might have found five or six bugs, and then given up.
>The vendor probably only fixed four of those.
>P.S. A "Herp" is short for a "reptile". It's funny how owning reptiles
>is a "hobby" - often linked with doing scientific experiments on
>insects (the latest copy of Reptiles magazine had a whole article on
>ant breeding) whereas owning a cat or dog is just having a pet. What's
>up with that?
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.1 (GNU/Linux)
>Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>-----END PGP SIGNATURE-----
>Dailydave mailing list
Visit Things From Another World for the best
comics, movies, toys, collectibles and more.