lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon Feb  6 07:32:47 2006
From: abryson at bytefocus.com (Alice Bryson)
Subject: What can a Remote Vulnerability Scanner do in
	Future?

hi there:
    I'm engaged in design a Remote Vulnerability Scanner. We have done
a non-preemptive multithread engine and written almost 2000
vulnerability plugins. Each one of plugins according to one CVE ID.
    After we done these work, we get confused and don't know what to
do. first, although Microsoft release several security issue every
month, most of them are local. What our Remote Vulnerability Scanner
could do is just login in remote Windows host via SMB protocol and do
Registry of file version check. These could be done on some Windows
with SMB username/password provided. But Windows XP with sp2 enhance
the security configuration and block these checking way. So we can not
do local check on Windows XP sp2 except ask customers to do a lot of
complex configuration.
    Eeye scanner could not do remote local check too. So I am consider
what can Remote Vulnerability Scanner do? Will this thing disappear in
the future?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ