Security Basics mailing list archives
RE: Opinions on vulnerability scanning practice?
From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 3 Aug 2006 17:18:30 -0700
Do they understand that the clients who have contacted them do not own the servers from which they want to link? Maybe that wasn't clearly communicated to them.

Dave Gillett
-----Original Message-----
From: rgutter () gmail com [mailto:rgutter () gmail com]
Sent: Wednesday, August 02, 2006 3:20 PM
To: security-basics () securityfocus com
Subject: Opinions on vulnerability scanning practice?

I'd like to get a community opinion on this.

We're a union that provides free web hosting to a number of related non-profit organizations. Some of them have gone to a third-party provider for e-commerce functionality, and obviously want to link to that provider from their sites on our server.

Wanting to set up merchant accounts for these organizations, that provider's e-commerce service (Beanstream) had a risk management firm run a vulnerability scan on our server, stating that Visa requires AIS end-to-end compliance within the Visa payment system.

Now, I recognize the desire to prevent pharming and similar attacks that could occur were my system to be compromised, but my first response was: "Who the ^*$$* do you think you are to run a scan on my system without permission?"

What's the deal here? Am I out of line? Is this normal practice?

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------