[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: OpenSSL 0.9.7a seems to be vulnerable (was: Re: LKM Trojan)
- From: Ow Mun Heng <Ow Mun Heng wdc com>
- To: For users of Fedora Core releases <fedora-list redhat com>
- Subject: Re: OpenSSL 0.9.7a seems to be vulnerable (was: Re: LKM Trojan)
- Date: Thu, 02 Dec 2004 10:44:34 +0800
On Wed, 2004-12-01 at 10:21, Alexander Dalloz wrote:
> Am Mi, den 01.12.2004 schrieb Rahul Sundaram um 2:15:
>
> > > Its a false positive. Lame tools just checking for application version
> > > numbers bring lame results.
>
> > whats the alternative?
>
> > Rahul Sundaram
>
> Good question - next one ;) Seriously, from my observation such tools
> alerting based on version numbers (nessus is such a application too)
> make unexperienced users uncertain.
I agree
> Experienced users don't profit by
> such tests, they know where to look for the (in)security reports and how
> to find out whether the own applications are safe because up to date
> (either because self compilations or using distribution packages which
> are patched).
One can always use the rpm -q --changelog packagename .
> Maybe pointing user's attention to possible security issues is not that
> bad at all as it may rise up sensibility. But too much false positives
> then are counter productive, I fear.
Well, at least i they are new, then the question should be asked. Or at
least googled.
>
> Regards
>
> Alexander
--
Ow Mun Heng
Gentoo/Linux on D600 1.4Ghz
Neuromancer 20:13:12 up 22 min, 1 average: 0.18, 0.16, 0.17
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]