Am 10.04.2018 um 19:39 schrieb Alex Smirnoff:
> I dare to say any "external security audit" which considers that being a
> problem is pefromed by morons that should be replaced ASAP.

you have no idea from the real world

external audits are typically ordered by customers and done by
independent companies, they have checklists and when you are too stupid
to get your shit done you are wrong at your place - it#s really that simple

> No, I won't get fired, for sure. And I won't work for any employer where
> I could get fired for standing my point.

frankly you should get fired for that idiot discussion showing that you
are a moron too stupid for set a simple override or get your fucking
internal CA to a state-of-the-art setup

what the hell are you argue here?

fix your shit or tell OpenVAS that the shit is OK and until you learned
to operate your mail-client (no need for a private copy) by silent

> On Tue, Apr 10, 2018 at 05:16:43PM +0200, Reindl Harald wrote:
>>
>>
>> Am 10.04.2018 um 17:12 schrieb Alex Smirnoff:
>>> Could you elaborate an attack scenario that depends on root certificate
>>> signature?
>>>
>>> The job of security scanner is not to point at any shit, it is to point
>>> at dangerous shit.
>>
>> it's job is to point out shit which would lead to not survive a external
>> security audit where you get simply fired when you argue like that so
>> that you can fix your crap before
>>
>> in the time you are complaining here instead make the needed overrides
>> you could have replaced your crap all over the infrastructure easily
>>
>> and if it's not doable in that time your infrastructure is crap because
>> nobody gave a shit thinking about automated certificate replacement /
>> deplyoment
>>
>>> On Mon, Apr 09, 2018 at 10:26:54AM +0200, Reindl Harald wrote:
>>>> jesus add a override and you are done
>>>>
>>>> MD5/SHA1 certificates are shit and it's th ejob of a security scanner to
>>>> point that out - for anything which you don't want to see local
>>>> overrides are the way to go
>>>>
>>>> Am 07.04.2018 um 18:32 schrieb Alex Smirnoff:
>>>>> Huh?
>>>>>
>>>>> It is relevant. But it is irrelevant for anything that is self-signed.
>>>>> Isn't it obvious?
>>>>>
>>>>> On Thu, Mar 29, 2018 at 08:41:25PM +0200, Reindl Harald wrote:
>>>>>>
>>>>>>
>>>>>> Am 29.03.2018 um 20:29 schrieb Alex Smirnoff:
>>>>>>> Could you elaborate, exactly how weak hash could matter for self-signed
>>>>>>> certificate? Without vague references like "if you don't want to trust
>>>>>>> the NSA and NIST". I do not see any of those organisations stating that
>>>>>>> weak hash is dangerous for a situation where signature itself is
>>>>>>> irrelevant
>>>>>>
>>>>>> if the signature is irrelevant why do you use https at all?
>>>>>> WTF!
>>>>>>
>>>>>> there is no technical difference between your self-signed stuff or
>>>>>> certificates signed by a public CA except that you *one time* need to 
>>>>>> make
>>>>>> an exception in the client
_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Reply via email to