Mick wrote: ↑
Sat Dec 29, 2018 11:15 am
EA117 wrote: ↑
Fri Dec 28, 2018 8:17 pm
The question really doesn't need any more basis than "looking for the unknown ones, then
Fuelled by paranoia I suspect.
Possibly. Possibly you even meant that "as a bad thing."
All the vulnerabilities I didn't know about before are because somebody looked for them.
The "it's been years" argument is way more permeable than the sound bite wants us to believe, when new revisions of underlying frameworks are part of the phpBB package. Even if phpBB had changed 0% of its own code, it's possible for vulnerabilities to have been introduced in last week's release, let alone last year's. The goal is to not introduce any, but it happens anyway by the collusion of factors we can't always easily predict.
The man just wants to test his site. "Best case scenario" is that there really isn't anything to find, in which case what's the harm? "Even better case scenario" is that they actually do find something that needs to be addressed, in which case why would we bend towards dissuading him?