Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] What can a Remote Vulnerability Scanner do in Future?

from [Alice Bryson] Network Security [Permanent Link]
Subject: [Full-disclosure] What can a Remote Vulnerability Scanner do in Future?
Date: Mon, 6 Feb 2006 15:32:38 +0800 
hi there:
    I'm engaged in design a Remote Vulnerability Scanner. We have done
a non-preemptive multithread engine and written almost 2000
vulnerability plugins. Each one of plugins according to one CVE ID.
    After we done these work, we get confused and don't know what to
do. first, although Microsoft release several security issue every
month, most of them are local. What our Remote Vulnerability Scanner
could do is just login in remote Windows host via SMB protocol and do
Registry of file version check. These could be done on some Windows
with SMB username/password provided. But Windows XP with sp2 enhance
the security configuration and block these checking way. So we can not
do local check on Windows XP sp2 except ask customers to do a lot of
complex configuration.
    Eeye scanner could not do remote local check too. So I am consider
what can Remote Vulnerability Scanner do? Will this thing disappear in
the future?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] iDefense Security Advisory 02.01.06: Winamp m3u Parsing Stack Overflow Vulnerability, labs-no-reply@idefense.com
Next by Date:  [Full-disclosure] [xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability, XFOCUS Security Team
Previous by Thread:  [Full-disclosure] iDefense Security Advisory 02.01.06: Winamp m3u Parsing Stack Overflow Vulnerability, labs-no-reply@idefense.com
Next by Thread:  [Full-disclosure] Re: What can a Remote Vulnerability Scanner do in Future?, Tim Nelson
Indexes:  [Date] [Thread] [Top] [All Lists]