Forwarded from: Jay D. Dyson <jdysonat_private> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Forwarded with permission of Renaud Deraison. - ---------- Forwarded message ---------- Date: Fri, 17 May 2002 19:57:22 +0200 From: Renaud Deraison <deraisonat_private> To: nessusat_private Subject: Re: "Nessus calls home" On Wed, May 08, 2002 at 04:50:09PM +0200, Renaud Deraison wrote: > I attended CanSecWest last week and I was told there were rumors of > people complaining about Nessus "calling home" when doing a scan. Thanks to everyone who replied to me on this issue. I was surprisingly overwhelmed with answers, so please forgive me if I did not reply to you personnaly. So sum up the replies : a vast majority of people don't care, but everyone agreed that a user-defineable third party domain was the way to go. In Nessus 1.2.1 (or the current CVS snapshot), a new option now appears in the 'plugin prefs' tab, and is set to "nessus.org" by default. Users can change it to something else, so privacy issues should be somewhat resolved. I modified more plugins than what I thought would be necessary - I'd like to thanks Thomas Reinke for sending me a list of plugins that used "nessus.org" in one way or another (there were more than what I thought, mostly because of lazyness on my part). People interested in the full list can go to cvs.nessus.org and look for the plugins whose commit log is "privacy". While I apologize to those who have felt threatened by this issue, I sincerely regret the fact that they did not voice their concerns directly to me (even though I was attending CanSecWest, and the person who spread the rumor too), and prefered to go the sneaky way about this. Hopefully, the incident is over in CVS, and will be in Nessus 1.2.1. -- Renaud -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (TreacherOS) Comment: See http://www.treachery.net/~jdyson/ for current keys. iD8DBQE85p/5GI2IHblM+8ERAjRDAJ9vMkip1mnHTHLtuzHkNAi0swb+bACfZjpK Tqb+X88SSFdYy0iV/wJt5pY= =cMBR -----END PGP SIGNATURE----- - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon May 20 2002 - 06:10:11 PDT