-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hassan,
On 1/23/14, 11:08 AM, Hassan Schroeder wrote: > On Thu, Jan 23, 2014 at 7:09 AM, Stephan Fletcher > <sfletc...@bohrensmoving.com> wrote: >> It's a third party that is running the scan. > > I've dealt with similar nonsensical "compliance scans" before, and > my response was: > > "You believe you can PUT or DELETE files on this installation?" > > ** makes popcorn ** > > "Please proceed. I'll sit here and watch. Take your time." > > Morons. Bane of productive peoples' existence. > > Also, a special place in hell for the writers of these > "scanners"... </rant> We should recommend that these folks file bugs against the scanner software they use. That way, the customer can sit back and make popcorn while the vendor fixes the bug. Meh, they'll probably ignore it. They get paid whether the scan is useful or not. I called-around looking for pen-testing outfits and their prices were insanely low. I asked about their methodology and they basically said they have a pen testing suite -- an automated tool. I told them thanks for their time and never bothered engaging any of them... I can run automated tools myself. Nessus just ain't that expensive. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS4VHtAAoJEBzwKT+lPKRY8bIQAKiE3WQKH2Db/O/OYxsKGj9Q 2XmlJu0LPAwHrDxyvdHKZRbnHcqNimpoa04Ce5Gw6t/x+CSnmzCJ6Mzi7J0OPun6 xkTAV3dcMF6E/tp8lygeNzCpqiPexCjT0LBTWg1t+SkpeXJFcgck14ySEf2XwZfX bym+wp33v6K899Qtmq9mdHEdtTpFpwsmDXIlieYBN0sFTmsquDv+OQC4wE1aSCdH vaha+6TaUK6ua0mp//bOD9AkpPLYUp/N6OaxezfLxKo0vgk/iYeQ/eTiXhGI6Ngs BsRLvwl4PX3QSkkje7YXvALbbPnOPik9/4/WBdtQYzYd70oVreWfoPKmg2jOA5Dw aZuZxvOGM1shRmZ6nGEnLpTjhRedPDCs+/RpLDRfsG66qg+jy6IwSP916B+cUDF7 SPUA+cqBM/tMYHKMm5bDx5zrsyrlLZs1mh48iA6oC1awLl+XXDjN6il7gF657y0P 0jTCMuokR6Gyd/MPo/06MqPY7J2dRV/NPsSHk7ZkjII8BWcQq3a3m2xsjX0g9CD/ Bde6xgFtDV+lKA+SsOLUyrvbeFlLu96CQEvVmb9dKCr3frQ5Z8dOITvzYKo8+Kif N1jlVIv6+1lymHJ9Yk8XFGyO7hKY50X9xTGbQQ6J7H9Fk9a0X78zcXzSuFCNrlfn OfRMlLQQSqgmyUhUjaax =B8vG -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
