@khm @dalias @micahflee

Oh dear, you're unable to read emotions through social media posts?

And you think that's the normal experience of most people?

There's something you really need to know about yourself, but honestly, I shouldn't be the one to tell you.

@khm @dalias @micahflee

So your initial criticism was that he "did zero followup work to confirm any vulnerability"

but now you're saying "it's not his fucking place to follow up"?

Which one is it?

Given your anger management issues and winning personality, it's becoming clearer that the security engineers at your agency are using nessus scans just to bust your balls, lol

@khm @dalias @micahflee

You criticized Micah for having done "zero followup work to confirm any vulnerability" but by what means are you suggesting he do so?

This isn't the agency you work for; it's some rando's app. Sure, it's POSSIBLE that his Apache had a backported patch, but it's JUST AS POSSIBLE that he doesn't know how to secure his shit.

You're assuming it's the former because you're projecting frustrations from your JOB onto a wholly unrelated scenario—that's some sadfuck shit!

@khm @dalias @micahflee

Just to be clear:

1) You think he should've conducted an unauthorized pen test against the server to confirm the vulnerability?

2) You think "You seem to be running Apache httpd 2.4.57 [...] this version of Apache has multiple critical CVEs which could take over your server" is "bullying"?

3) You think an enterprise would be better off not using a tool like Nessus to alert on potential vulnerabilities that should be reviewed?

lol. "supercomputing engineer" lmao