On June 20, 2022 at 18:01 jhellent...@dataix.net (J. Hellenthal) wrote: > > To what extent and to whom will you authorize to do that? 100 random college > students? X number of new security firms? At some point it will break.
Define "authorize". > > -- > J. Hellenthal > > The fact that there's a highway to Hell but only a stairway to Heaven says a > lot about anticipated traffic volume. > > > On Jun 20, 2022, at 17:04, b...@theworld.com wrote: > > > > > > It seems to me there's vulnerability testing and there's vulnerability > > testing and just lumping them all together motivates disparate > > opinions. > > > > For example it's one thing to perhaps see if home routers > > login/passwords are admin/admin or similar, or if systems seem to be > > vuln to easily exploitable bugs and reporting such problems to someone > > in charge versus, say, hammering at some network to see when/if DDoS > > mitigation kicks in. > > > > For example I've gotten email in the past that some of my servers were > > running ntp in a way which makes them vuln to being used for DDoS > > amplification and, I believe, fixed that. I didn't mind. > > > > Anyhow, you all probably get my point without further hypotheticals or > > examples. > > > > Scanning for known vulns and reporting can be ok, testing to > > destruction? Not so much. > > > > -- > > -Barry Shein > > > > Software Tool & Die | b...@theworld.com | > > http://www.TheWorld.com > > Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD > > The World: Since 1989 | A Public Information Utility | *oo* -- -Barry Shein Software Tool & Die | b...@theworld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
