Re: Scanning the Internet for Vulnerabilities

[bzs () theworld com]

On June 20, 2022 at 18:01 jhellenthal () dataix net (J. Hellenthal) wrote:
> To what extent and to whom will you authorize to do that? 100 random college students? X number of new security 
> firms? At some point it will break.

Define "authorize".

> -- 
>  J. Hellenthal
>
> The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.
>
> > On Jun 20, 2022, at 17:04, bzs () theworld com wrote:
> >
> > 
> > It seems to me there's vulnerability testing and there's vulnerability
> > testing and just lumping them all together motivates disparate
> > opinions.
> >
> > For example it's one thing to perhaps see if home routers
> > login/passwords are admin/admin or similar, or if systems seem to be
> > vuln to easily exploitable bugs and reporting such problems to someone
> > in charge versus, say, hammering at some network to see when/if DDoS
> > mitigation kicks in.
> >
> > For example I've gotten email in the past that some of my servers were
> > running ntp in a way which makes them vuln to being used for DDoS
> > amplification and, I believe, fixed that. I didn't mind.
> >
> > Anyhow, you all probably get my point without further hypotheticals or
> > examples.
> >
> > Scanning for known vulns and reporting can be ok, testing to
> > destruction? Not so much.
> >
> > -- 
> >        -Barry Shein
> >
> > Software Tool & Die    | bzs () TheWorld com             | http://www.TheWorld.com
> > Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
> > The World: Since 1989  | A Public Information Utility | *oo*

-- 
        -Barry Shein

Software Tool & Die    | bzs () TheWorld com             | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*