Date: Thu, 07 Jan 2010 18:12:47 +0000
From: mrx <mrx@...pergander.org.uk>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: iiscan

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

G-men use Gmail, how appropriate.

There is a point here, who's to say that there is full disclosure of the result of the scan?

But then again when professional and qualified pen-testers are used is there full disclosure?

"Each man has his price bob... and yours was pretty low".
Roger Waters

Who to trust?


I'm not professional nor skilled enough yet to trust myself, but when I am, I could still have an off day.
I am smart enough however to never submit a mission critical site to any online scanning system,
especially when unaware of the methods used. And I would never presume a site to be safe even if the scan reported so.

This system did reveal 3 low level security risks I did not detect with Nikto and Nessus.
However as I am a novice, this could have been a result of my lack of skill in using these tools.

mrx

Michael Holstein wrote:
>> This definitely sounds like a clueless federal agent.
>> Especially since he uses an autogenerated email address.
> 
> Yeah, because government employees want to state on-the-record from
> their @leo.gov email address that "China is bad, m'kay?". Actually, in
> all my (informal) contacts with FBI folks, I've never had one of them
> say to use their "official" email address, it's always Gmail (or
> something else) with PGP at the client side.
> 
> By the way, the FBI folks I've dealt with have been anything but
> clueless. It's the local barny-fife types that provide the hilarity.
> 
>> Get with the program........the internet is wide open for people to scan.
> 
> True, but when I see a bunch of *unsolicited* scans I know they're
> malicious. You're asking for them, and then you don't know what happens
> to the results.
> 
> It's not paranoia when they really *are* out to get you.
> 
> Cheers,
> 
> Michael Holstein
> Cleveland State University
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 


- --
Mankind's systems are white sticks tapping walls.
Thanks Roy
http://www.propergander.org.uk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEVAwUBS0YkH7Ivn8UFHWSmAQJhWggAz6bp8jWs+9L4KxZEJ5oBpH5PThUyO5HP
dXkw6HG9MMjyzCIRqe/AAXwoRC/qouh/bKwChPd6llBtZTcR2ZkqABhC5m7PDrXD
EBpXSHmwXlXDO6lFezPK9EGUdovPbnId7hpeZOjHY4QWwPtEwv+kxZfb16hhJt6y
5qlsSrJhosIpijWyZyt/MsG+VxDvLTY7UO1xXUKQ170d6+ZVOsYYSMbJxRd0moX3
W4ZTKHx5LvlTEwgp7zC+fu6p51BSA8uMIl3a282HalCVupd5hJHdpkoP7nbv0AO5
SeZ/kJ4O01GcN2ai9W8hXDzinY4k9SHsUioopVk/26GWENIzYmCBMw==
=2Th7
-----END PGP SIGNATURE-----
