Forwarded from: Jay D. Dyson <[EMAIL PROTECTED]>

Hash: SHA1

Forwarded with permission of Renaud Deraison.

- ---------- Forwarded message ----------
Date: Fri, 17 May 2002 19:57:22 +0200
From: Renaud Deraison <[EMAIL PROTECTED]>
Subject: Re: "Nessus calls home"

On Wed, May 08, 2002 at 04:50:09PM +0200, Renaud Deraison wrote:
> I attended CanSecWest last week and I was told there were rumors of
> people complaining about Nessus "calling home" when doing a scan.

Thanks to everyone who replied to me on this issue. I was surprisingly
overwhelmed with answers, so please forgive me if I did not reply to you

So sum up the replies : a vast majority of people don't care, but everyone
agreed that a user-defineable third party domain was the way to go.

In Nessus 1.2.1 (or the current CVS snapshot), a new option now appears in
the 'plugin prefs' tab, and is set to "" by default. Users can
change it to something else, so privacy issues should be somewhat

I modified more plugins than what I thought would be necessary - I'd like
to thanks Thomas Reinke for sending me a list of plugins that used
"" in one way or another (there were more than what I thought,
mostly because of lazyness on my part). People interested in the full list
can go to and look for the plugins whose commit log is

While I apologize to those who have felt threatened by this issue, I
sincerely regret the fact that they did not voice their concerns directly
to me (even though I was attending CanSecWest, and the person who spread
the rumor too), and prefered to go the sneaky way about this. 

Hopefully, the incident is over in CVS, and will be in Nessus 1.2.1. 

                                -- Renaud

Version: GnuPG v1.0.7 (TreacherOS)
Comment: See for current keys.


ISN is currently hosted by

To unsubscribe email [EMAIL PROTECTED] with 'unsubscribe isn'
in the BODY of the mail.

Reply via email to