lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.60.0602131010010.8318@tnelson.webalive.biz>
Date: Mon, 13 Feb 2006 10:16:22 +1100 (EST)
From: Tim Nelson <security@...alive.biz>
To: Alice Bryson <abryson@...efocus.com>
Cc: full-disclosure@...ts.grok.org.uk, vulnwatch@...nwatch.org,
	bugtraq@...urityfocus.com, ntbugtraq@...ugtraq.com
Subject: Re: What can a Remote Vulnerability Scanner do in
	Future?

On Mon, 6 Feb 2006, Alice Bryson wrote:

...
>    Eeye scanner could not do remote local check too. So I am consider
> what can Remote Vulnerability Scanner do? Will this thing disappear in
> the future?

 	Scan for remote vulnerabilities.  Scanning for local 
vulnerabilities can obviously only be done locally.

 	Basically you need to have a remote access method before you can 
do anything remotely.  It might be useful to get a windows version of sshd 
or cfengine.  Another possibility would be to make the local scanner 
executable available on the network, and then have each machine 
individually download it and run it locally.

 	Basically, to check for local vulnerabilities, you need:
1.	A deployment process (hopefully simple)
2.	An execution process

 	This is exactly what cfengine was designed to solve in the Unix 
world.

-- 
Kind Regards,
 
Tim Nelson
Server Administrator
 
P: 03 9934 0888
F: 03 9934 0899
E: tim.nelson@...alive.biz
W: www.webalive.biz
 
WebAlive Technologies
Level 1, Innovation Building
Digital Harbour
1010 La Trobe Street
Docklands Melbourne VIC 3008

This email (including all attachments) is intended solely for the named addressee. It is confidential and may contain legally privileged information. If
you receive it in error, please let us know by reply email, delete it from your system and destroy any copies. This email is also subject to copyright. No
part of it should be reproduced, adapted or transmitted without the written consent of the copyright owner.

Emails may be interfered with, may contain computer viruses or other defects and may not be successfully replicated on other systems. We give no
warranties in relation to these matters. If you have any doubts about the authenticity of an email purportedly sent by us, please contact us immediately.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ