Full Disclosure mailing list archives
Re: What can a Remote Vulnerability Scanner do in Future?
From: Alice Bryson <abryson () bytefocus com>
Date: Tue, 7 Feb 2006 15:20:10 +0800
hi, there Most of vulnerabilities are also remotely exploitable although enhanced security configuration and firewall enabled. For example, an IE flaw will cause pc's registry modified when the host browse some malicious website. Client-Server model is a considerable solution. But our product is a firmware box, it's not convenient for such a product to convey a client agent software. Anybody did research on how to by windows xp sp2 security config to read Registry? Like Windows 2000 or Windows xp sp1, remote scanner could get Registry and file versions with only an administrative username/password provided? 2006/2/6, Michael Holstein <michael.holstein () csuohio edu>:
But Windows XP with sp2 enhance the security configuration and block these checking way. So we can not do local check on Windows XP sp2 except ask customers to do a lot of complex configuration.Well, with the enhanced security configuration and firewall enabled, the vulnerability is no longer "remotely exploitable", is it? If you want to check for local vulnerabilities, you'll to run something client-side. There's at least a half-dozen ways to do this in a domain model (eg: GPO or logon scripts) -- but in a standalone environment, you'll need an agent of some type. Cheers, Michael Holstein CISSP GCIA Cleveland State University _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- What can a Remote Vulnerability Scanner do in Future? Alice Bryson (Feb 05)
- Re: What can a Remote Vulnerability Scanner do in Future? Michael Holstein (Feb 06)
- Re: What can a Remote Vulnerability Scanner do in Future? Alice Bryson (Feb 06)
- Re: What can a Remote Vulnerability Scanner do in Future? Tim Nelson (Feb 12)
- Re: What can a Remote Vulnerability Scanner do in Future? Aaron (Feb 15)
- Re: What can a Remote Vulnerability Scanner do in Future? Michael Holstein (Feb 06)