...said Fyodor Vaskovich, creator of the popular Nmap network port scanning tool...
"But a key advantage of the SPI Dynamics vulnerability is that it is difficult to fix without breaking many Web applications. So it may be around for years to come."
There have been similar attempts to craft JavaScript-based network scanners, but none as advanced as the SPI Dynamics example, Vaskovich said. "SPI Dynamics deserves credit for a clever attack vector and a solid demonstration of the issue. Their method of fingerprinting servers by checking for default image paths and names is slick."
When the definitive source on port scanning gives you massive props in a public forum, you should do a little dance...
My dance makes HR sad.
