[Dshield] Re: eEye CodeRedScanner.exe (was: Code Red Reinfection After Patch Installed)

Patrick Mueller pmueller at neohapsis.com
Thu Jul 26 18:25:48 GMT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 23 Jul 2001 security at admin.fulgan.com wrote:

> EEyes has a code red vulnerability scanning tool that you can use to
> check whether your server really is patched.

Anybody else find it annoying that it is binary only? This flies in the
face of security concepts such as reviewing free code downloaded from the
Internet.

There is a legal component to this as well. If you're *buying* binary-only
code from a commercial organization, you do have some (not much) of an
implied warranty that could be potentially pursued in court. With free
software, AFAIK, this is not possible.

And yes, I suppose if I were pressed, I'd admit that I do trust any code
that eEye would push out.

I'm probably getting off-topic here, so I'll sign off now..

- -- 
	-- Patrick, getting annoyed at eEye lately

- -------------------------------------------------------------------------
Patrick Mueller    --   Security Analyst   --    <pmueller at neohapsis.com>
                  Neohapsis <www.neohapsis.com>


-----BEGIN PGP SIGNATURE-----
Comment: Key available at http://pgp.mit.edu

iD8DBQE7YGCuW5zvMHNPjVMRAnRLAJ4/54tyuaBJ6BC6M0e9xhhU1/pmywCeL0Ha
iBuftMkV5Lsw4fPoATYMCOA=
=x0kk
-----END PGP SIGNATURE-----



