GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Peter Krefting (nafmo@social.vivaldi.net)'s status on Wednesday, 26-Mar-2025 06:17:02 JST Peter Krefting Peter Krefting
    in reply to
    • Olivier Forget

    @teleclimber Yes. Most security scanners (Pentesters) are that stupid.

    I speak from experience, trying to tell customers that just because it said the server they installed have a vulnerable version of something or other installed, that's not actually the case.

    The ones that *actually* try to break stuff (like using known issues, fuzzing input and such) are great, though. Use those.

    In conversation about 7 days ago from social.vivaldi.net permalink
    • Embed this notice
      Olivier Forget (teleclimber@social.tchncs.de)'s status on Wednesday, 26-Mar-2025 06:17:03 JST Olivier Forget Olivier Forget

      Uh, is it normal for an automated #security scanner to be unaware of #debian patched packages?

      Like how OpenSSH 9.2p1 is vulnerable to CVE-2023-38408 but the Debian version 1:9.2p1-2+deb12u5 is patched. But the security scanner sees the "9.2p1" string and sounds the alarm.

      https://security-tracker.debian.org/tracker/CVE-2023-38408

      Is this a common problem for people running Debian servers?

      In conversation about 7 days ago permalink

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.