Re: OSVDB 72183
On 04/10/2013 11:04 AM, Michael Gilbert wrote:
> The companies that do this kind of analysis really need to get
> their act together. If you're paying them for this service, you
> should really question whether you're getting any value.
For the record, the company is Trustwave. These scans are required by PCI these days - not sure I
have any choice. Every month I go through a long list of mostly the same set of false positives -
dispute them as such - until last month they would all reappear the next month. Mostly a huge waste
of time.
Most are listed with a CVE-yyyy-nnnn number - and easy to find via Debian - this was the first OSVDB
listed - I couldn't find anything connected to Debian and misread the "not". Now that it is listed
here, at least others can find it via Google.
Such a scanning service would be much more valuable if it was tailored for a specific OS. I think the
only issue I've been alerted to over several years was I needed to remove some ciphers from Apache.
--------------------------------------------------------------------------------
Karl Schmidt EMail Karl@xtronics.com
Transtronics, Inc. WEB http://secure.transtronics.com
3209 West 9th Street Ph (785) 841-3089
Lawrence, KS 66049 FAX (785) 841-0434
Truth is mighty and will prevail.
There is nothing wrong with this,
except that it ain't so.
--Mark Twain
--------------------------------------------------------------------------------