Re: [Dailydave] Re: This mornings Security Wire Perspectives - Ira's proof of concept code article.
From: Julio Patel (smerdyakovvgmail.com)
Date: Tue Nov 30 2004 - 07:42:47 CST
On Tue, 30 Nov 2004 12:01:48 +0100, pete <listsisecom.org> wrote:
> > So, Ira was right. An automated scanner *can* often test for exploits
> > via the network (without exploit code) and even more often if the
> > scanner is configured to do the checks locally.
> Ira was almost half right if in the real-world it actually worked like
> that and those in charge of security conveniently had root and admin
> rights on all the boxes they had to do local tests on. Politics makes
> local checks a moot point in most of the world.
Sure, but not every network-based test requires actual exploit code.
I took issue with the two extremes being presented (with respect to
scanning). The reality of scanning effectiveness (local, remote, or
hybrid) falls somewhere between "works all the time" (Ira) and "is
> > This is pretty much what Robert already said....he needs exploits (or
> > at least detailed tech info) to do better pen-tests. OK,
> > Full-disclosure fits your business model...what's your point? You've
> I guess all those MBA classes have paid off for you and thankfully,
> now, for all of us. Was it in an advanced class where you learn that a
> system where as a vendor, you control both product and maintenance of
> that product (which people must pay for) is an even better business
> model? Imagine a system where any third party could make an analysis of
> a product that is not sanctioned by the vendor of that product. I know
> big Pharma has also found the whole clinical trials thing to be pretty
> pesky too. It really cuts into their preferred business model.
You completely missed what I was saying, but that's all right since
you've seen fit to give me an honorary degree. I'm not for either
extreme...my ideal model would probably lie somewhere in between
(relative to me and different for each situation).