Re: Siebel Vulnerabilities

From: Javier Fernandez-Sanguino (jfernandez@germinus.com)
Date: Tue Aug 09 2005 - 05:15:44 EDT


security curmudgeon wrote:

> : Trust security vulnerability databases and sources for the common stuff
> : (i.e. wide-spread applications such as web servers or operating
> : systems), don't trust them to be accurate when dealing with uncommon
> : stuff only fortune 100 companies use.
>
> Have you actually looked at the VDBs lately? This comment makes me think
> you haven't.

I use them on a regular basis. I'm going to push my point with a few
questions: what vulnerabilities related to WebSeal (Tivoli
Authentication Manager) do you find in your favorite VDBs? There are
more relevant vulnerabilities published in _public_ product release
notes (available online), much more than just those in VDBs
(CAN-2001-1191 and CVE-2001-0982 if you care to look).

And there's a lot of widespread software that does not provide public
information of security fixes (not even release notes are available
online). Just to pick one, how about the Tibco suite? How many
vulnerabilities do you find in your favorite VDB?

These are just a few I've been involved with in audits in the past. My
experience in those audits drives the comments in my previous e-mail.

Regards

Javier




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:43 EDT