Full Disclosure mailing list archives
WTF eEye Really?
From: Sec News <secnewz () gmail com>
Date: Mon, 3 May 2010 17:44:55 -0700
Did anyone else see this?

http://blog.eeye.com/vulnerability-management/penetration-tools-can-be-weapons-in-the-wrong-hands

"""
Penetration Tools Can Be Weapons in the Wrong Hands
Author: Morey Haber
Date: May 3rd, 2010
Categories: Network Security, Vulnerability Management

After a lifetime in the vulnerability assessment field, I’ve come to look at penetration testing almost as a kind of crime, or at least a misdemeanor. We enjoy freedom of speech, even if it breaks the law or license agreements. Websites cover techniques for jailbreaking iPhones even though it clearly violates the EULA for Apple's devices. Penetration tools clearly allow the breaking and entering of systems to prove that vulnerabilities are real, but clearly could be used maliciously to break the law.

Making these tools readily available is like encouraging people to play with fireworks. Too bold of a statement? I think not. Fireworks can make a spectacular show, but they can also be abused and cause serious damage. In most states, only people licensed and trained are permitted to set off fireworks. Now consider a pen test tool. In its open form, on the Internet, everyone and anyone can use it to test their systems, but in the wrong hands, for free, it can be used to break into systems and cause disruption, steal information, or cause even more permanent types of harm.

How many people remember the 80’s TV show Max Headroom? Next to murder, the most severe crime was if users illegally used information technology systems to steal information or make money. There was tons of security around these systems and even possession of tools to penetrate a system was a crime too. So what’s the difference? Yes, it is just a TV show but in reality today we are in effect putting weapons in people’s hands, not tracking them, and allowing them to use them near anonymously to perform crimes or learn how to perform more sophisticated attacks.

It all comes back to the first amendment and Freedom of Speech. I can write a blog of this nature, state my opinion about how I feel about free penetration testing tools, and assure everyone that they need defenses to protect their systems, since free weapons are available that can break into your systems – easily.
"""

WOW - am I the only one to go WTF to this? Talk about alienating your customers and shitting where you eat. And to think I used to be a fan...

- Some anonymous ex-eEye fan
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/