service version disclosure

Sam Varshavchik mrsam at courier-mta.com
Sat Jan 7 14:43:06 UTC 2012


Reindl Harald writes:

> On 07.01.2012 06:35, Digimer wrote:
> >> if you have a big customer which hires a 3rd party auditor
> >> you are NOT in the position to give such arguments or
> >> you can give them but you can not change ANYTHING in
> >> the fact that finally "fix it or shutdown the service"
> >> is what you have to do
> >
> > If you have a "security expert" who can't grasp the concept of
> > back-ported bug fixes, and is unwilling to test for specific
> > vulnerabilities' existence, it's time to get a new expert.
>
> you are missing the point A BIG CUSTOMER has a security-expert

Tell your customer to ask for their money back. Offer to set up a test  
server that their fustercluck of a scanner will claim to be vulnerable, yet  
is not.

Or, better yet, tell your customer that you'll be happy to set up a server  
that'll pass their nonsense of a scan, yet is vulnerable to some old exploit.

