Cyrus Banner

Greg A. Woods woods at
Thu Jun 16 21:33:30 EDT 2005

[ On Thursday, June 16, 2005 at 13:29:01 (+0200), Christian Cernuschi wrote: ]
> Subject: Re: Cyrus Banner
> Someone where i work asked somebody else to run a security check with
> nessus.Nessus reports this as a minor problem.

Nessus isn't a "security checker" -- it's a lame-brained bass-ackwards
poor excuse for wasting time and resources.

> I know that it doesn't solve anything but it would be better for a clean
> report. (no comment)

Ineed.  Any idiot who believes reducing the Nessus warnings will do them
any good deserves far more trouble than they'll likely ever get.

A proper exploit just gets the job done -- anyone running Nessus just
sticks their head in the sand and more often than not just ignores the
ongoing exploits.

The really funny thing though is when third-party auditors claim
exploits when their Nessus reports show "exploitable" version numbers,
even though the actual running software was patched months ago.  :-)
It's a great excuse to not pay them and to tell them to go bugger off
get a real job that they're qualified for, such as digging ditches.

						Greg A. Woods
						Planix, Inc.

<woods at>     +1 416 489-5852 x122
Cyrus Home Page:
Cyrus Wiki/FAQ:
List Archives/Info:

More information about the Info-cyrus mailing list