General discussion

Locked

Will Metasploit improve security or help hackers?

By debate ·
What's your take on Metasploit Framework 2.0, a collection of tools for developing and testing exploit code? Do you think it will help Internet security or make hackers' lives easier? Share your comments about the potential of the Metasploit tools, as discussed in the April 26 Internet Security Focus e-newsletter.

If you haven't subscribed to our free Internet Security Focus e-newsletter, sign up today!
http://nl.com.com/acct_mgmt.jsp?brand=techrepublic

This conversation is currently closed to new comments.

6 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Raising the Bar

by drmemory In reply to Will Metasploit improve s ...

1st - A phenomenal business opportunity! The mere existence of the tools make them a necessity.

The truly expert hackers will continue to do what they have always done, challenge the technology in new and innovative ways. All the others will take the minimum misery path and use available tools.

In true Darwinian fashion, code that cannot survive in the new environment will quickly evolve or be killed off by predation/starvation. The result will be more robust applications surviving in a world with far fewer threats of a much higher quality.

Collapse -

Definitely a hackers tool

by Shoshin In reply to Raising the Bar

Metasploit may say it is a security tool for admins, but why does an administrator need to exploit his systems to test for vulnerabilities, he only should need to scan for vulnerabilities with say Nessus and then patch the holes.
Framework2 is such an easy tool for script kiddies to use, and last week there was a perl module released for it to exploit the IIS SSL exploit MS04-011.
This tool will just increase the amount of attacks when the wann-be hackers get wind of it. The true hackers can write and compile their 0-day exploits.

Collapse -

No doubt about it.

by mgordon In reply to Raising the Bar

No doubt about it; I also see a Darwinian element here. In other words, if a niche exists for this kind of toolset, it will exist, sooner or later. NIST (National Institute of Science and Technologies) has been working for a long time on auditing tools; this is an example of the practical application of auditing -- what do you do with the results? If anyone can now audit code in a semi-automated fashion and produce exploits the results will be briefly disastrous and then much better for the survivors. However, I do not actually think much will come of it -- many, many hackers are already auditing Microsoft's code for them -- for free! The most serious bugs -- kernel bugs -- we hope have been discovered and seems to me that we face endless application bugs. The impact of an application bug is minimal to Unix/Linux or any other operating system that does not routinely run applications with administrator privilege. Many people still run MS Windows in administrative mode and are as vulnerable to application bugs and exploits as they are to kernel bugs.

Collapse -

Shades of Turing Machines...

by Underground_In_TN In reply to Will Metasploit improve s ...

This raises the question, is it possible to write any useful program or OS that does not contain exploitable code? In other words, can we ever be secure from hackers?

Collapse -

First Helps then Improves B-)

by radien In reply to Will Metasploit improve s ...

This sequence has been before and is nowadays and will be in tomorrow. Security improves by finding flaws, what crackers do. And such things, Metasploit Framework or Whisker of RFP and so on, helps crackers progress quicker. So this helps IT world progress on a better speed .

Before having Mitnick u did not have any Security department.

Regards
__Radien__

Collapse -

First Helps then Improves B-)

by radien In reply to Will Metasploit improve s ...

This sequence has been before and is nowadays and will be in tomorrow. Security improves by finding flaws, what crackers do. And such things, Metasploit Framework or libWhisker of RFP and so on, helps crackers progress quicker. So this helps IT world progress on a better speed .

Before having Mitnick u did not have any Security department.

Regards
__Radien__

Back to Security Forum
6 total posts (Page 1 of 1)  

Related Discussions

Related Forums