Scanning the Internet for Vulnerabilities

J. Hellenthal jhellenthal at dataix.net
Mon Jun 20 23:01:33 UTC 2022


To what extent, and whom, will you authorize to do that? 100 random college students? X number of new security firms? At some point it will break.

-- 
 J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

> On Jun 20, 2022, at 17:04, bzs at theworld.com wrote:
> 
> 
> It seems to me there's vulnerability testing and there's vulnerability
> testing and just lumping them all together motivates disparate
> opinions.
> 
> For example it's one thing to perhaps see if home routers
> login/passwords are admin/admin or similar, or if systems seem to be
> vuln to easily exploitable bugs and reporting such problems to someone
> in charge versus, say, hammering at some network to see when/if DDoS
> mitigation kicks in.
> 
> For example I've gotten email in the past that some of my servers were
> running ntp in a way which makes them vuln to being used for DDoS
> amplification and, I believe, fixed that. I didn't mind.
> 
> Anyhow, you all probably get my point without further hypotheticals or
> examples.
> 
> Scanning for known vulns and reporting can be ok, testing to
> destruction? Not so much.
> 
> -- 
>        -Barry Shein
> 
> Software Tool & Die    | bzs at TheWorld.com             | http://www.TheWorld.com
> Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
> The World: Since 1989  | A Public Information Utility | *oo*


More information about the NANOG mailing list