Startup Prepares Cracker Attack Emulator

Startup.Blog writes "A startup company MuSecurity is shipping a product that emulates multitude of known attacks and integrates the security checks into quality assurance processes. The company 'will soon begin selling a new vulnerability assessment product that lets technology vendors and enterprise developers test their products with known hacker techniques, allowing them to fix bugs before products are put into use.'"

So what?

[komodo9]

How is this anything new? There is open source (and closed) that has been available for a while that does this.
--
United Bimmer - BMW Enthusiast Community

REALLY, REALLY important /sarcasm

[AKAImBatman]

Mu Security would not say whether the product will be hardware- or software-based, but more details will be revealed in March, Furgerson said.

That's not very helpful. If we're talking a tool to check for security flaws already patched against, what good is that? Just keep your systems up to date. On the other hand, if we're talking about things like buffer-overflow checkers, then why not use an existing product?

This thing is going to have to be pretty darn impressive to actually find a niche other than people who don't know any better.

Re:REALLY, REALLY important /sarcasm

[antifoidulus]

It seems as if they are trying to automate what companies pay experts a lot of money to do already: attack software from every concievable angle. The experts hired to do that can get quite creative, so of course the software is going to have to be quite good to get companies to consider replacing their experts, and I personally doubt they can do it. If it's worth anything, it will probably just end up becoming another tool of the trade. Though, as always, time will tell.

Satan/Santa

[fatphil]

... and several other ones already axist.

I'd say that the only interesting thing about this announcement is an opportunity for geeks to analyse this new product and see if it contains any ripped off GPL'ed code.

FP.

What about..

[SocialEngineer]

Does it call fed up employees who are just looking for someone to talk to, exploiting the conversation and getting valuable information necessary to break into the network? :)

Cool concept, but I wonder about how effective it'll be without good admins who know how to watch logs, set up honeypots when necessary, and train employees to shut up. Still, it could have it's uses.

Oh great, more "red queen"...

[venomkid]

More "keeping up with the hackers" nonsense. How about we just leave nothing permitted that we don't already know is legit?

There's money to be made in treating cancer, but not curing it. And this is the IT equivalent.

Known attacks

[MichaelSmith]

Its the unknown ones you really have to worry about.

Re:Maybe it's Da Fuzz?

[Slashcrap]

N.B. mu is a nice Japanese Zen word which means emptiness of mind, or literally "nothing."

It's also a nice letter from the ancient Greek alphabet which means literally "mu".

Re:Hacker, not cracker

[hkb]

No, you are confused. Crackers are/were people who break software copy protection. This is how it's always been. I guess you weren't around "back then", or you were living in some other reality different from the planet Earth's.

This is why 2600 is called the hacker quarterly, why Defcon is a hacker convention, why Phrack is called Phrack (Phreaking/hacking), and so on.

It has never been the way you describe, never.