Re: Scanners and unpublished vulnerabilities - Full Disclosure

From: batz (batsy@vapour.net)
Date: 05/29/02


Date: Wed, 29 May 2002 14:35:09 -0400 (EDT)
From: batz <batsy@vapour.net>
To: David Litchfield <david@ngssoftware.com>

On Wed, 29 May 2002, David Litchfield wrote:

:This comment (and some which follow) indicate you've missed one of the key
:points. When the vendor does release a patch NGSSoftware will follow up with
:full details as normal. The VNA is not intended to replace our normal full
:advisory - it simply exists as an interim solution to 'help' ensure vendors
:release patches in a timely fashion.

Aah, this wasn't clear to me and (evidently) many others. I'm sure it's
in there somewhere, but maybe you could emphasize it a bit more?

:By putting these checks in Typhon, which we've always done, we buy a week or
:two advantage over something like Nessus.

Indeed. I don't see how this process is even inconsistent with the full
disclosure approach. I have admittedly been more of an advocate than a
practitioner of full disclosure, but maybe someone could point out more
clearly how this will deprive the underground of its toys? ;)

Cheers,

--
batz

---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
