Re: ISS Internet Scanner Cannot be relied upon for conclusive

From: David LeBlanc (dleblancat_private)
Date: Tue Feb 09 1999 - 08:05:25 PST

Next message: blkadderat_private: "Re: ISS Internet Scanner Cannot be relied upon for conclusive"

Previous message: Stephen M. Milton: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Next in thread: blkadderat_private: "Re: ISS Internet Scanner Cannot be relied upon for conclusive"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 09:46 AM 2/8/99 -0500, Chris Brenton wrote:
>Many security audit tools that I've tested would in fact say that the
>system is safe because SP4 has been installed. This is because instead
>of checking file dates, they are looking for registry keys which
>identify what patches have been loaded on the system.
>
>I personally can not say if ISS's scanners fall into the same boat, but
>from my testing I know many do.

We check file dates when checking for NT patches, and would catch your
example.


David LeBlanc
dleblancat_private

Next message: blkadderat_private: "Re: ISS Internet Scanner Cannot be relied upon for conclusive"
Previous message: Stephen M. Milton: "Re: Microsoft Access 97 Stores Database Password as Plaintext"
Next in thread: blkadderat_private: "Re: ISS Internet Scanner Cannot be relied upon for conclusive"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:33:19 PDT