[Openvas-discuss] Private or Corporate CAs

Alex Smirnoff ark at eltex.net
Wed Apr 11 15:21:12 CEST 2018

On Tue, Apr 10, 2018 at 10:16:39PM +0200, Reindl Harald wrote:
> Am 10.04.2018 um 19:39 schrieb Alex Smirnoff:
> > I dare to say any "external security audit" which considers that being a
> > problem is pefromed by morons that should be replaced ASAP.
> you have no idea from the real world
> external audits are typically ordered by customers and done by
> independent companies, they have checklists and when you are too stupid
> to get your shit done you are wrong at your place - it#s really that simple

Man, I work in information security for fscking 30 years. I got my first
CSO job at 1996. And i spent significant share of those years kicking checklist moron's asses.
It is that simple!

> > No, I won't get fired, for sure. And I won't work for any employer where
> > I could get fired for standing my point.
> frankly you should get fired for that idiot discussion showing that you
> are a moron too stupid for set a simple override or get your fucking
> internal CA to a state-of-the-art setup
> what the hell are you argue here?

Show. Me. A. Real. Attack. Scenario. Where. It. Matters.

Then I would fix. "Because OpenVAS does not like it" may be good enough
reason if a person who does the scans asks politely. But only in that

> fix your shit or tell OpenVAS that the shit is OK and until you learned
> to operate your mail-client (no need for a private copy) by silent

Ok, ok, my fault ;-)

More information about the Openvas-discuss mailing list