Employee: "Uh oh, looks like The Bobs are in town. I better get my resume updated!"

-mb


On 06/21/2015 09:42 AM, George Toft wrote:
I had a problem like that in 2005.  Fancy, high-falutin' Beltway Bandits (from Wash DC) came to scan our servers.  I got called in (taken from my normal busy routine) to address their concerns . . .

Bandit: "Yes, we see you have over 1200 Apache servers in the environment."

All eyes look at me.

Me: "We don't run Apache here."

You could hear a pin drop, which in a carpeted room, means it got real quiet.  The three bandits huddle together questioning their data.

Bandit: "Could you explain?"

Me: "We use IBM HTTP Server."

More bandit discussions.  "OK, thank you.  We'll let you know if there is anything else."

===================

Then there's the every two year audit question: "Please explain how LDAP enforces password change policy . . ."  What?  Do you think this is Active Directory?  Sigh . . .

Lolz.

Regards,

George Toft

On 6/12/2015 10:14 AM, Keith Smith wrote:


I do some work on a couple CentOS 6.6 servers. Payment Card Industry (PCI) scans seem to always see the server as vulnerable. I've had to submit for a review since the server is not really vulnerable.

I don't think a lot of people understand how RHEL maintains its packages. I know I did not for a long time.  Red Hat backports vulnerability fixes while maintaining the original version number.

Here is a great explanation: https://access.redhat.com/security/updates/backporting/?sc_cid=3093

Keith

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
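
For the backporting point in Keith's message, an added example (not from the thread or from Red Hat) of collecting evidence for a scan review: it parses the text printed by `rpm -q --changelog <package>` and separates the scanner's CVE findings into those the package changelog mentions and those that still need investigation. The function names, the sample changelog, the release strings and the CVE ids are all constructed placeholders.

```python
import re

# Constructed stand-in for `rpm -q --changelog <package>` output.
# Release strings and CVE ids are placeholders, not real advisories.
SAMPLE_CHANGELOG = """\
* Tue Jun 02 2015 Example Packager <packager@example.com> - 1.2.3-4.el6_6.2
- fix CVE-0000-0002 - placeholder description of a backported fix

* Mon Mar 16 2015 Example Packager <packager@example.com> - 1.2.3-4.el6_6.1
- fix CVE-0000-0001 - placeholder description of a backported fix
- update documentation
"""

CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")


def backported_fixes(changelog_text):
    """Map each CVE id in the changelog to (date, version-release) of its entry."""
    fixes = {}
    current = None
    for line in changelog_text.splitlines():
        if line.startswith("* "):
            # Entry header: "* Day Mon DD YYYY Name <email> [-] version-release"
            parts = line.split()
            current = (" ".join(parts[1:5]), parts[-1])
            continue
        if current:
            for cve in CVE_ID.findall(line):
                # Changelog is newest-first, so the last write is the
                # oldest entry that mentions the CVE.
                fixes[cve] = current
    return fixes


def triage(scanner_cves, changelog_text):
    """Split scanner findings into changelog-evidenced and unresolved."""
    fixes = backported_fixes(changelog_text)
    evidenced = {c: fixes[c] for c in scanner_cves if c in fixes}
    unresolved = [c for c in scanner_cves if c not in fixes]
    return evidenced, unresolved


if __name__ == "__main__":
    found, todo = triage(["CVE-0000-0001", "CVE-0000-0003"], SAMPLE_CHANGELOG)
    for cve, (date, release) in found.items():
        print(f"{cve}: changelog entry {release} dated {date}")
    for cve in todo:
        print(f"{cve}: no changelog mention, check the vendor advisory")
```

A changelog mention is supporting evidence for the review, and a missing mention does not by itself mean the package is vulnerable; the vendor's advisory for the CVE is the authoritative record.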

