quoll

@stefano lol, they always tell me that my distro version of ssh is out of date bc their dumb scanner (and evidently the security genius pressing the scan button and forwarding the OMG VULNERABILITY! report to the boss) doesn't know what a back-ported patch is.

network security is such a weird industry, so many amazing and talented ppl on mastodon... never have i encountered one at $DAY_JOB.

2 comments
apgarcia

@quoll @stefano yes!! I despise Nessus for this reason. Always having me chase down proof that a vulnerability has been fixed, instead of security doing their homework.

Jyrgen N

@quoll @stefano Back-ported patches are indeed a nuisance in terms of security assessment. But of course it doesn't help to be stupid about the fact.

(And I won't dispute that OSs like that have their place. Like for systems where a difficult or expensive to obtain certification is tied to a specific OS version.)
