Hi everyone,
does anyone here use Verinice integration for any practical purpose, or
was it just a government-sponsored compliance oriented project that
turned out not to be really applicable for real life? Could you please
share your impressions?
___
O
Just out of the curiosity, which NVT was that?
On Thu, Apr 26, 2018 at 06:40:03AM -0400, Louis Bohm wrote:
>
> I have only once encountered a case where the endpoint even noticed the scan.
> And that in itself was a total fluke that I was even alerted to it. One of
> the NVT checks actually c
luding the public key in the local store, so it
cannot be spoofed.
On Wed, Apr 11, 2018 at 03:50:35PM +0200, Reindl Harald wrote:
>
> Am 11.04.2018 um 15:21 schrieb Alex Smirnoff:
> > On Tue, Apr 10, 2018 at 10:16:39PM +0200, Reindl Harald wrote:
> >> what the hell are you ar
On Tue, Apr 10, 2018 at 10:16:39PM +0200, Reindl Harald wrote:
>
>
> Am 10.04.2018 um 19:39 schrieb Alex Smirnoff:
> > I dare to say any "external security audit" which considers that being a
> > problem is pefromed by morons that should be replaced ASAP.
>
6:43PM +0200, Reindl Harald wrote:
>
>
> Am 10.04.2018 um 17:12 schrieb Alex Smirnoff:
> > Could you elaborate an attack scenario that depends on root certificate
> > signature?
> >
> > The job of security scanner is not to point at any shit, it is to point
>
If it asks "Are you alive? Prove it!" then it might be more scary. Even
if it is a printer, not a toaster ;-)
On Mon, Apr 09, 2018 at 07:05:46PM +, Stewart Joseph wrote:
> You must admit, there is more than a touch of ironic humor there. I ran a
> scan of a Deli's network and when it hit the
MD5/SHA1 certificates are shit and it's th ejob of a security scanner to
> point that out - for anything which you don't want to see local
> overrides are the way to go
>
> Am 07.04.2018 um 18:32 schrieb Alex Smirnoff:
> > Huh?
> >
> > It is relevant. But
Huh?
It is relevant. But it is irrelevant for anything that is self-signed.
Isn't it obvious?
On Thu, Mar 29, 2018 at 08:41:25PM +0200, Reindl Harald wrote:
>
>
> Am 29.03.2018 um 20:29 schrieb Alex Smirnoff:
> > Could you elaborate, exactly how weak hash could ma
Could you elaborate, exactly how weak hash could matter for self-signed
certificate? Without vague references like "if you don't want to trust
the NSA and NIST". I do not see any of those organisations stating that
weak hash is dangerous for a situation where signature itself is
irrelevant.
On Fri
Or (better) put a slave scanner behind NAT.
On Thu, Dec 14, 2017 at 09:48:48AM +, Thijs Stuurman wrote:
>
> > is it posiible to work with NAT?
>
> Yes, but stuff won't function correctly or at all. If you are stuck
> somewhere, use a VPN tunnel.
_
Everything is possible, depends on your requirements, expectations and
effort invested ;-)
Could you please be more specific?
On Mon, Nov 27, 2017 at 11:56:29AM +0100, trazomtg wrote:
> Hi,
>
> must Openvas be installed on a dedicated machine?
>
> is it possible to make a discovery without inst
Hi,
Yes, the ifconfig part which is omitted by now ;-)
I think the more appropriate behaviour for the package list is just to
ignore the distro and dump all rpm/dpkg data we have. It never hurts,
right? And would work for other dpkg/rpm based distributions with no
modification.
I think we need a
12 matches
Mail list logo
