Are CMS Detectors Legal?

scottalanmiller

@masterarts said in Are CMS Detectors Legal?:

@coliver May I see some examples of such security applications FOSS based.

Nessus, AlienVault, pretty much all pen testing tools. Security and open source go hand in hand. Closed source is, itself, a security problem as it is an attempt to use obscurity for security, the antithesis of security.

stacksofplates

@scottalanmiller said in Are CMS Detectors Legal?:

@masterarts said in Are CMS Detectors Legal?:

@coliver May I see some examples of such security applications FOSS based.

Nessus, AlienVault, pretty much all pen testing tools. Security and open source go hand in hand. Closed source is, itself, a security problem as it is an attempt to use obscurity for security, the antithesis of security.

Nessus is closed now, but OpenVAS is another popular one (and I think a fork of Nessus?).

scottalanmiller

@stacksofplates said in Are CMS Detectors Legal?:

@scottalanmiller said in Are CMS Detectors Legal?:

@masterarts said in Are CMS Detectors Legal?:

@coliver May I see some examples of such security applications FOSS based.

Nessus, AlienVault, pretty much all pen testing tools. Security and open source go hand in hand. Closed source is, itself, a security problem as it is an attempt to use obscurity for security, the antithesis of security.

Nessus is closed now, but OpenVAS is another popular one (and I think a fork of Nessus?).

Then Nessus is dead to me

FiyaFly

@scottalanmiller said in Are CMS Detectors Legal?:

Nessus

Via SlashDot:
Posted by CmdrTaco on Thursday October 06, 2005 @04:02PM from the say-it-ain't-so dept.
JBOD writes
"As reported at news.com, the makers of the popular security tool Nessus are closing its source code. Although it will will remain free as in beer, Nessus is dropping the GPL license for the upcoming version 3 of the software. The problem appears to be that Tenable Network Security (the company which primary author Renaud Deraison founded around Nessus) isn't making money because it's competition is simply repackaging their product. Deraison's writes "A number of companies are using the source code against us, by selling or renting appliances, thus exploiting a loophole in the GPL. So in that regard, we have been fueling our competition, and we want to put an end to that." He also notes that the OSS community has contributed very little to Nessus in the past six years, so they were reaping no benefit from using the GPL."
Update: 10/06 22:48 GMT by CN : Nessus' Renaud Deraison wrote me to let me know that the company is "good money-wise," but has become annoyed with competitors repackaging their product.

Apparently you're 11 years behind on that news, Scott.

scottalanmiller

@FiyaFly said in Are CMS Detectors Legal?:

@scottalanmiller said in Are CMS Detectors Legal?:

Nessus

Via SlashDot:
Posted by CmdrTaco on Thursday October 06, 2005 @04:02PM from the say-it-ain't-so dept.
JBOD writes
"As reported at news.com, the makers of the popular security tool Nessus are closing its source code. Although it will will remain free as in beer, Nessus is dropping the GPL license for the upcoming version 3 of the software. The problem appears to be that Tenable Network Security (the company which primary author Renaud Deraison founded around Nessus) isn't making money because it's competition is simply repackaging their product. Deraison's writes "A number of companies are using the source code against us, by selling or renting appliances, thus exploiting a loophole in the GPL. So in that regard, we have been fueling our competition, and we want to put an end to that." He also notes that the OSS community has contributed very little to Nessus in the past six years, so they were reaping no benefit from using the GPL."
Update: 10/06 22:48 GMT by CN : Nessus' Renaud Deraison wrote me to let me know that the company is "good money-wise," but has become annoyed with competitors repackaging their product.

Apparently you're 11 years behind on that news, Scott.

It's been a LONG time since I looked at it.

stacksofplates

We use it. It seems fine so far.

masterarts

@scottalanmiller Yeah Nessus is dead.

IRJ

It's not illegal to scope a home to break into from the sidewalk. That is basically how the law works with scanning. You can scan all day long, and on the security side it is not uncommon to see scans hitting your DMZ constantly. I see NMAP scans running all day. You also will see Open-vas and webscanners hitting your DMZ all day.

IRJ

OpenVas is a great tool, but the GUI is one of the worst I have seen.

stacksofplates

@IRJ said in Are CMS Detectors Legal?:

OpenVas is a great tool, but the GUI is one of the worst I have seen.

Ya. What's with the lady in the scan area? The reports are also not great.

IRJ

@stacksofplates said in Are CMS Detectors Legal?:

@IRJ said in Are CMS Detectors Legal?:

OpenVas is a great tool, but the GUI is one of the worst I have seen.

Ya. What's with the lady in the scan area? The reports are also not great.

Yeah she really annoys me. She has to be the most annoying thing about the GUI. The reports have good information but the format isn't great. They aren't well organized and they don't have pretty images.

stacksofplates

@IRJ said in Are CMS Detectors Legal?:

@stacksofplates said in Are CMS Detectors Legal?:

@IRJ said in Are CMS Detectors Legal?:

OpenVas is a great tool, but the GUI is one of the worst I have seen.

Ya. What's with the lady in the scan area? The reports are also not great.

Yeah she really annoys me. She has to be the most annoying thing about the GUI. The reports have good information but the format isn't great. They aren't well organized and they don't have pretty images.

Haha yes! I never looked into it but they look like LaTeX documents, so I can understand why they did it that way.