On Wed, 01.12.2004 at 2:15, Rahul Sundaram wrote:

> > It's a false positive. Lame tools just checking for application version
> > numbers bring lame results.
> what's the alternative?
> Rahul Sundaram

Good question - next one ;)

Seriously, from my observation such tools alerting based on version numbers (nessus is such an application too) make inexperienced users uncertain. Experienced users don't profit from such tests; they know where to look for the (in)security reports and how to find out whether their own applications are safe because they are up to date (either through self-compilation or by using distribution packages which are patched).

Maybe pointing users' attention to possible security issues is not that bad at all, as it may raise awareness. But too many false positives are then counterproductive, I fear.

Regards

Alexander

--
Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.9-1.6_FC2smp
Serendipity 03:20:42 up 10 days, 22:08, load average: 0.23, 0.49, 0.55