Security Tools More Harmful Than Helpful?
soblasted writes "With the recent 2.0 release of the Metasploit Framework, people are wondering if security tools like it do more good than harm. This article attempts to answer the question. The legitimate use of the framework is for security researchers to use in exploit testing and development. It will run on any OS with Perl, and includes a CLI and web GUI, along with many ready to run exploits and payload modules. With HP also developing systems to preemptively attack their own networks, has this become acceptable?" This issue reminds me of the first release of SATAN and the uproar it caused.
This is how the security industry works. Host mailing lists for security "researchers," post proof-of-concept code, release automated tools, etc., making it easy for any moron with time to kill to become an uber-script kiddie. Then they turn around and sell solutions to help companies protect their networks. Following that, new exploits, scanning tools, etc. get released, and the cycle continues.
Sure it can all be justified with some explanation about ethical research and such, but in the long run, the IT security industry engages in clever extortion.
I just wish that I had thought of it first, and patented automated scanning software!