On Monday 18 July 2011 at 11:43 Marcus Meissner wrote:
Presumably there are no 'gotchas' if we install the factor version on 11.3? It will probably turn out to be easier than convincing securitymetrics that their scanner is wrong.
Try it, if it works you will know immediately, if it does not also...
:-)
You should really push back, otherwise they will come back and back and back....
Oh yes. These guys even fail you for running an ftp server. Despite the fact that the failure report acknowledges that a correctly configured ftp server is not a security risk. (And, of course, we are running vsftp.) And the latest scan fails us for various XSS errors that they claim are PHP based. In fact the site is running on Python :-) They are probably right about the XSS vulnerability but one tends to lose confidence in them because they add so much bullshit.
Threaten to get a different auditor with more clues.
I wish. I think they were chosen by the bank.

Paul
--
Paul Reeves