Discussion:
Sponsorship for OpenVAS documentation by Acunetix
Jan-Oliver Wagner
2014-07-17 15:34:34 UTC
Permalink
Dear OpenVAS Users,

as you might have noticed, Acunetix uses OpenVAS as a basis for their
Vulnerability Online Scanner solution [1].

Now that this solution is in place, they like to start contributing to
OpenVAS. On the one hand we are preparing upstream paths for NVT
improvements via the Greenbone NVT development team.
On the other hand Acunetix offers a sponsorship for OpenVAS documentation
writers since documentation is one of the most neglected support resources
currently.

Please get in touch with ***@openvas.org if you have a plan on writing
documentation for OpenVAS and like to apply for a sponsorship. It would be
good to provide details on the content you like to produce and provide
references to other documentation you wrote.

Of course it would be mandatory to produce public content for everyone.
Perhaps adding the content directly in the recently started OpenVAS Wiki [2].

Best regards


[1] http://www.acunetix.com/online-vulnerability-scanner/
[2] https://wiki.openvas.com
--
Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
Fabrizio Di Carlo
2014-07-17 16:40:39 UTC
Permalink
Hi Jan, all,

as I wrote both to you and to the list (devel and users) I'm writing a
book on OpenVAS7. Do you think I can fit inside the requirements or
no?

Regards,
Fabrizio

On Thu, Jul 17, 2014 at 5:34 PM, Jan-Oliver Wagner
Post by Jan-Oliver Wagner
Dear OpenVAS Users,
as you might have noticed, Acunetix uses OpenVAS as a basis for their
Vulnerability Online Scanner solution [1].
Now that this solution is in place, they like to start contributing to
OpenVAS. On the one hand we are preparing upstream paths for NVT
improvements via the Greenbone NVT development team.
On the other hand Acunetix offers a sponsorship for OpenVAS documentation
writers since documentation is one of the most neglected support resources
currently.
documentation for OpenVAS and like to apply for a sponsorship. It would be
good to provide details on the content you like to produce and provide
references to other documentation you wrote.
Of course it would be mandatory to produce public content for everyone.
Perhaps adding the content directly in the recently started OpenVAS Wiki [2].
Best regards
[1] http://www.acunetix.com/online-vulnerability-scanner/
[2] https://wiki.openvas.com
--
Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-discuss mailing list
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
--
"The intuitive mind is a sacred gift and the rational mind is a
faithful servant. We have created a society that honors the servant
and has forgotten the gift." (A. Einstein)

"La mente intuitiva è un dono sacro e la mente razionale è un fedele
servo. Noi abbiamo creato una società che onora il servo e ha
dimenticato il dono." (A. Einstein)

Fabrizio Di Carlo
Jan-Oliver Wagner
2014-07-18 07:59:26 UTC
Permalink
Post by Fabrizio Di Carlo
as I wrote both to you and to the list (devel and users) I'm writing a
book on OpenVAS7. Do you think I can fit inside the requirements or
no?
well a book is of course a far reaching nice documentation and I am glad
for any such publication.

The sponsorship has the requirement to produce content that is free to access
and free to extend, like the wiki content.
So it depends on how your arrangements about the content of the book are.

Please feel free to contact ***@openvas.org with details, questions or proposals.

Note that I have no problem with re-using public content in a book, provided the
author agrees with the re-use and the publisher agrees for non-exclusive use.

The overall goal is to have nice books as well as nice online free resources
because both is relevant for users. And this in turn helps to extend the use of
OpenVAS :-)

As a side note: Greenbone is about to publish a small manual in German language.
It is for our GSM appliances but several chapters do make sense for plain
OpenVAS as well.

Al the best

Jan
--
Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
Winfried Neessen
2014-07-18 08:55:13 UTC
Permalink
Hi Jan-Oliver,

as sponsorship is already offered by Acunetix (great product btw.), would
it be an idea to also ask for sponsorship for a valid SSL certificate
for the wiki instead of the CACert cert, that is still not supported by
any major browser?


Winni

----- Original Message -----
Sent: Friday, July 18, 2014 9:59:26 AM
Subject: Re: [Openvas-discuss] Sponsorship for OpenVAS documentation by Acunetix
Post by Fabrizio Di Carlo
as I wrote both to you and to the list (devel and users) I'm writing a
book on OpenVAS7. Do you think I can fit inside the requirements or
no?
well a book is of course a far reaching nice documentation and I am glad
for any such publication.
The sponsorship has the requirement to produce content that is free to access
and free to extend, like the wiki content.
So it depends on how your arrangements about the content of the book are.
Note that I have no problem with re-using public content in a book, provided the
author agrees with the re-use and the publisher agrees for non-exclusive use.
The overall goal is to have nice books as well as nice online free resources
because both is relevant for users. And this in turn helps to extend the use of
OpenVAS :-)
As a side note: Greenbone is about to publish a small manual in German language.
It is for our GSM appliances but several chapters do make sense for plain
OpenVAS as well.
Al the best
Jan
--
Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 OsnabrÃŒck | AG OsnabrÃŒck, HR
B 202460
GeschÀftsfÌhrer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-discuss mailing list
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Eero Volotinen
2014-07-18 10:38:48 UTC
Permalink
Post by Winfried Neessen
Hi Jan-Oliver,
as sponsorship is already offered by Acunetix (great product btw.), would
it be an idea to also ask for sponsorship for a valid SSL certificate
for the wiki instead of the CACert cert, that is still not supported by
any major browser?
Eh, ssl certificate cost about 5$ per year: https://cheapsslsecurity.com

If needed, I can sponsor real ssl certificate from cheapsslsecurity.com ..

--
Eero
Jan-Oliver Wagner
2014-07-22 12:57:30 UTC
Permalink
Post by Eero Volotinen
Post by Winfried Neessen
as sponsorship is already offered by Acunetix (great product btw.), would
it be an idea to also ask for sponsorship for a valid SSL certificate
for the wiki instead of the CACert cert, that is still not supported by
any major browser?
Eh, ssl certificate cost about 5$ per year: https://cheapsslsecurity.com
If needed, I can sponsor real ssl certificate from cheapsslsecurity.com ..
red0queen provided the wiki and did all the setup.
Perhaps you can arrange directly?
--
Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
Eero Volotinen
2014-07-22 12:59:27 UTC
Permalink
2014-07-22 15:57 GMT+03:00 Jan-Oliver Wagner <
Post by Jan-Oliver Wagner
Post by Eero Volotinen
Post by Winfried Neessen
as sponsorship is already offered by Acunetix (great product btw.),
would
Post by Eero Volotinen
Post by Winfried Neessen
it be an idea to also ask for sponsorship for a valid SSL certificate
for the wiki instead of the CACert cert, that is still not supported by
any major browser?
Eh, ssl certificate cost about 5$ per year: https://cheapsslsecurity.com
If needed, I can sponsor real ssl certificate from cheapsslsecurity.com
..
red0queen provided the wiki and did all the setup.
Perhaps you can arrange directly?
Could you provide some contact information? email?

--
Eero
Jan-Oliver Wagner
2014-07-22 14:03:00 UTC
Permalink
Post by Eero Volotinen
Could you provide some contact information? email?
He posts to this list as ***@red-net.info
--
Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
red0queen
2014-07-22 23:11:35 UTC
Permalink
Hi,

I use my personal certificate to provide encryption at the login, but I
can add another if you want give me one.

Best regards
Post by Eero Volotinen
Could you provide some contact information? email?
Eero Volotinen
2014-07-23 02:36:30 UTC
Permalink
Post by red0queen
Hi,
I use my personal certificate to provide encryption at the login, but I
can add another if you want give me one.
Best regards
Post by Eero Volotinen
Could you provide some contact information? email?
_______________________________________________
Openvas-discuss mailing list
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Well, I can take care of certificate, but I possibly need approval it from:
***@spi-inc.org,
so who manages that email address?

--
Eero
Eero Volotinen
2014-07-24 10:04:12 UTC
Permalink
Hi,

ssl certificate for wiki.openvas.org is not in processing .. looks like
wiki.openvas.org is not working at this moment?
Post by Eero Volotinen
Post by red0queen
Hi,
I use my personal certificate to provide encryption at the login, but I
can add another if you want give me one.
Best regards
Post by Eero Volotinen
Could you provide some contact information? email?
_______________________________________________
Openvas-discuss mailing list
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Well, I can take care of certificate, but I possibly need approval it
so who manages that email address?
--
Eero
red0queen
2014-07-24 10:38:11 UTC
Permalink
Exact, I haven't redirect the .org, it's ok now.
Hi,
ssl certificate for wiki.openvas.org <http://wiki.openvas.org> is not
in processing .. looks like wiki.openvas.org
<http://wiki.openvas.org> is not working at this moment?
Hi,
I use my personal certificate to provide encryption at the login, but I
can add another if you want give me one.
Best regards
Post by Eero Volotinen
Could you provide some contact information? email?
_______________________________________________
Openvas-discuss mailing list
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Well, I can take care of certificate, but I possibly need approval
so who manages that email address?
--
Eero
Jan-Oliver Wagner
2014-07-24 10:42:49 UTC
Permalink
Post by Eero Volotinen
ssl certificate for wiki.openvas.org is not in processing .. looks like
wiki.openvas.org is not working at this moment?
I can access wiki.openvas.com and also via wiki.openvas.org.
--
Dr. Jan-Oliver Wagner | ++49-541-335083-724 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Reindl Harald
2014-07-24 10:52:05 UTC
Permalink
Post by Jan-Oliver Wagner
Post by Eero Volotinen
ssl certificate for wiki.openvas.org is not in processing .. looks like
wiki.openvas.org is not working at this moment?
I can access wiki.openvas.com and also via wiki.openvas.org
maybe you should care for the CN and not install a
random wildcard cert for a different domain

https://filippo.io/Heartbleed/#wiki.openvas.com
Uh-oh, something went wrong: x509: certificate is valid for *.red-net.info, not wiki.openvas.com
If you know what you are doing, tick the ignore certificates box. Otherwise please try again!
Eero Volotinen
2014-07-24 11:07:10 UTC
Permalink
Post by Reindl Harald
Post by Jan-Oliver Wagner
Post by Eero Volotinen
ssl certificate for wiki.openvas.org is not in processing .. looks
like
Post by Jan-Oliver Wagner
Post by Eero Volotinen
wiki.openvas.org is not working at this moment?
I can access wiki.openvas.com and also via wiki.openvas.org
maybe you should care for the CN and not install a
random wildcard cert for a different domain
https://filippo.io/Heartbleed/#wiki.openvas.com
Uh-oh, something went wrong: x509: certificate is valid for *.red-net.info,
not wiki.openvas.com
If you know what you are doing, tick the ignore certificates box.
Otherwise please try again!
And server is missing critical openssl security patchies? oh no ..

--
Eero
Reindl Harald
2014-07-24 11:28:52 UTC
Permalink
Post by Reindl Harald
ssl certificate for wiki.openvas.org <http://wiki.openvas.org> is not in processing .. looks like
wiki.openvas.org <http://wiki.openvas.org> is not working at this moment?
I can access wiki.openvas.com <http://wiki.openvas.com> and also via wiki.openvas.org <http://wiki.openvas.org>
maybe you should care for the CN and not install a
random wildcard cert for a different domain
https://filippo.io/Heartbleed/#wiki.openvas.com
Uh-oh, something went wrong: x509: certificate is valid for *.red-net.info <http://red-net.info>, not
wiki.openvas.com <http://wiki.openvas.com>
If you know what you are doing, tick the ignore certificates box. Otherwise please try again!
And server is missing critical openssl security patchies? oh no ..
how *laughable is that* develop a security scanner and not patch
the own wiki of the scanner software? what about running OpenVAS
on servers for the own domain?

https://www.ssllabs.com/ssltest/analyze.html?d=wiki.openvas.org&ignoreMismatch=on

Experimental: This server is vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224)
and exploitable. Grade set to F.

This server is vulnerable to the Heartbleed attack. Grade set to F.

The server does not support Forward Secrecy with the reference browsers. MORE INFO »
Michael Meyer
2014-07-24 11:49:56 UTC
Permalink
Post by Reindl Harald
how *laughable is that* develop a security scanner and not patch
the own wiki of the scanner software?
This server ist hosted and managed by a community member and not by
the OpenVAS team.

Micha
--
Michael Meyer OpenPGP Key: 0xAF069E9152A6EFA6
http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG
Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
Reindl Harald
2014-07-24 12:00:29 UTC
Permalink
Post by Michael Meyer
Post by Reindl Harald
how *laughable is that* develop a security scanner and not patch
the own wiki of the scanner software?
This server ist hosted and managed by a community member and not
by the OpenVAS team
hosted maybe, managed - no way - Heartbleed is not new
don't matter as long it's under the offical domain

some would expect for good reasons that subdomains
below "openvas.org" are scanned regulary for "eat
your own dogfood"

now it is redirected to "wiki.openvas.com" which is using the
identical wrong wildcard-cert, has the same leaks and IP

* This server is vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224)
* This server is vulnerable to the Heartbleed attack
* The server does not support Forward Secrecy with the reference browsers

wo is "*.red-net.info" and why that careless with CN?
Reindl Harald
2014-07-24 12:04:52 UTC
Permalink
BTW:

https://www.ssllabs.com/ssltest/analyze.html?d=openvas.org

This server's certificate is not trusted, see below for details.
This server supports anonymous (insecure) suites (see below for details)
The server does not support Forward Secrecy with the reference browsers

This server is not vulnerable to the Heartbleed attack.
Experimental: This server is not vulnerable to the OpenSSL CCS vulnerability

Trusted No NOT TRUSTED
Chain issues Contains anchor
Post by Reindl Harald
Post by Michael Meyer
Post by Reindl Harald
how *laughable is that* develop a security scanner and not patch
the own wiki of the scanner software?
This server ist hosted and managed by a community member and not
by the OpenVAS team
hosted maybe, managed - no way - Heartbleed is not new
don't matter as long it's under the offical domain
some would expect for good reasons that subdomains
below "openvas.org" are scanned regulary for "eat
your own dogfood"
now it is redirected to "wiki.openvas.com" which is using the
identical wrong wildcard-cert, has the same leaks and IP
* This server is vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224)
* This server is vulnerable to the Heartbleed attack
* The server does not support Forward Secrecy with the reference browsers
wo is "*.red-net.info" and why that careless with CN?
red0queen
2014-07-24 12:54:28 UTC
Permalink
Post by Eero Volotinen
And server is missing critical openssl security patchies? oh no ..
Youps... it's done...
Post by Eero Volotinen
what about running OpenVAS on servers for the own domain?
I haven't put openvas in production at this time, so if anyone want scan
the wiki and send me report...
Post by Eero Volotinen
wo is "*.red-net.info" and why that careless with CN?
Because my goal was just to provide encryption to protected the auth
page, in this way, I use my personal cacert certificate. But you can
thanks Eero who want provide one with a good CN. It's always a pleasure
to see some people act and just only criticize ;-)

Thanks for you observations

Loading...