Re: [PEN-TEST] ISS not detecting unicode bug??

[Fred Mobach <fred () MOBACH NL>]

Eric Budke wrote:
> No opinion about Nessus, but the one thing that ISS and NAI have going for
> them is a way of pushing out (not technically pushing) updated.  I've got
> hundreds of emails across a couple of mail clients of things to go back to,
> or to look at. There was a time I'd grab almost every linux kernel and
> upgrade all my boxes (until I moved to a laptop where kernel upgrades cause
> things like PCMCIA cards to stop working). It isn't really that practical.
> Nmap for a period (and I'm sure it will happen again) where there were
> updates every day or two. Few admins have the available bandwidth to deal
> with that. Especially if you aren't using it every day.

A simple method to avoid disasters :
- backup your currently installed version of the software,
- install the newer version and test it,
- if the newer version is not what you want restore your backup.

BTW if you don't use it on a daily base why bother to check the status
daily ? Check it when you need it.

> I'm not disagreeing with the concept of open source, but I think open
> source works better if there is a way to fold everything back in to the
> original product with some sort of update.

Last time I noticed many Free Software / Open Source projects have a
publication policy :
- it starts with a pre-alpha stage,
- then comes the alpha and the succeeding beta stage,
- then you can chose between :
(a) the CVS to be on the cutting edge,
(b) the development series to test the product,
(c) the stable branche for production use.
Any problems ?

Regards,

Fred
--
Fred Mobach - fred () mobach nl - postmaster () mobach nl
Systemhouse Mobach bv - The Netherlands - since 1976
/"\
\ /
 X  ASCII RIBBON CAMPAIGN
/ \ AGAINST HTML MAIL