Penetration Testing mailing list archives

Re: DPE - Default Password Enumeration standarization released

From: "SD List" <list () security-database com>
Date: Fri, 27 Jun 2008 18:33:28 +0200 (CEST)

Hello Kurt,

phenoelit has done a great job during all these years. My answer is yes
and also from many other sources (as well as some new entries never posted
else where but collected from different application vendors guides).

Yes, the community will be able to add / submit their entries.

We will post a "submission guidelines" to explain how this repository will
work. Keeping into mind that we will turn into easy model
- Submission
- Executive DPE Board reviews and accept
- The maintainer posts the xml file into repository

We will also nominate the DPE board to help us review, modify and accept
new submissions.

Yes Kurt, more than 3 entries (this was just a sample). We need your
reviews on Schema before starting to seed from different databases we've
gathered.


If you are interested to join the project, please drop us a email to
ouchn at security-database dot com


Regards and thanks for your comments.

Security-Database.com

On Thu, Jun 26, 2008 at 05:19:40PM +0200, SD List wrote:

DPE is the security-database naming scheme that provides structured
enumeration of default logons and passwords of network devices,
applications and Operating Systems.


Having a common format for this list is a great idea for many reasons. A
couple questions:

Are you going to be seeding this database from the Phenoelit list @
http://www.phenoelit-us.org/dpl/dpl.html or any other existing lists?

How will the community be able to add / modify to this list?

Will there be a central maintainer or committee (you?) who reviews
entries before inclusion and what's the expected time-line after
submitting can be expected?

When will there be more than just 3 entries in it?  :)

Kurt

--
                 ..:[ grutz at jingojango dot net ]:..
     GPG fingerprint: 5FD6 A27D 63DB 3319 140F  B3FB EC95 2A03 8CB3 ECB4
      "There's just no amusing way to say, 'I have a CISSP'."




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

Current thread:

DPE - Default Password Enumeration standarization released SD List (Jun 26)
- Re: DPE - Default Password Enumeration standarization released Kurt Grutzmacher (Jun 27)
  - Re: DPE - Default Password Enumeration standarization released SD List (Jun 27)
  - Re: DPE - Default Password Enumeration standarization released Jerome Athias (Jun 29)
    - Re: DPE - Default Password Enumeration standarization released natron (Jun 30)