[en] Nessus and the art of bullshit
Once upon a time, another of my favourite competitors wanted to check if the Windows machines that he was auditing were up to date with security patches.
For whatever reason, he could not start his laptop on Unix (maybe he just could not install Unix, like so many 3L33T security consultants) so he booted a Knoppix or Auditor Live CD, ran Nessus and said "all clear".
There is one little problem: GPL live CDs use GPL Nessus, and nearly all Windows tests are © Tenable; they are not included in the GPL Live CDs, as they are available through the direct feed.
It was no use running the test, we already know the result: no problem.
People actually pay for this kind of "audit". Isn't it amazing?
1 Comments:
Sooner or later, those dumbass Nessus customers will tell you: dah critical server of mine was pirated cause it had that so famous fatal flaw Nessus didn't find. I even paid the best network specialist (who happened to be someone's nephew) from the best renowned blah.
And this day, you'll regret that Nessus's famous brand will be blown apart by those dumbass customers you have.
Maybe you should prohibit the use of the Nessus brand for Nessus's GPL branch. Call it "Freenessus", and enforce Nessus brand