Dailydave mailing list archives

Re: RE: Last post.. please, this thread is killing me =)


From: Matt Hargett <matt () use net>
Date: Tue, 30 Nov 2004 10:36:04 +0000

robert () dyadsecurity com wrote:
Julio Patel(smerdyakovv () gmail com)@Tue, Nov 30, 2004 at 08:42:47AM -0500:

Sure, but not every network-based test requires actual exploit code. I took issue with the two extremes being presented (with respect to scanning). The reality of scanning effectiveness (local, remote, or hybrid) falls somewhere between "works all the time" (Ira) and "is useless" (Robert).


It depends on what you're trying to deliver. If you're just trying to identify potential problem areas, then it may be sufficient to say "based on the version information, we believe this may be vulnerable". In our testing we try very hard to have at least 66% of the problems we report be verified issues. It helps us with the Risk Assessment Values we calculate to go along with the findings. Otherwise you're dealing with pure speculation.

Imagine you went to the doctor and something in the test came out funny and he reports:
Well, it looks like you have AIDS, Syphilis, Cancer, an ingrown toenail, and bone decay.

What if the only one he actually verified was the ingrown toenail, and he simply had incomplete tests for the other ailments on the report? What I was saying before is that simply looking at version information alone is insufficient to determine susceptibility to a problem.

What happens when you use the current tools, like Nessus, ISS, Retina, etc., is you get a really big list of things to follow up on. Some of it's good, most of it's crap. Problem is you won't know which is which until you go through all of it.

These tools can be built more intelligently.  We're working on doing just that.

I can't believe people still talk about this. Tom Ptacek used to spin a good yarn about this 7 years ago; let's really use the wayback machine and get him in on the discussion.

Hey Rodney, I'm sure you have something to add ;>
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave

