Slashdot Mirror

← Back to Stories (view on slashdot.org)

Startup Prepares Cracker Attack Emulator

Posted by Zonk on from the cracker-in-a-box dept.

Startup.Blog writes "A startup company MuSecurity is shipping a product that emulates multitude of known attacks and integrates the security checks into quality assurance processes. The company 'will soon begin selling a new vulnerability assessment product that lets technology vendors and enterprise developers test their products with known hacker techniques, allowing them to fix bugs before products are put into use.'"

21 of 106 comments (clear)

  1. So what? by komodo9 · · Score: 4, Insightful

    How is this anything new? There is open source (and closed) that has been available for a while that does this.
    --
    United Bimmer - BMW Enthusiast Community

    1. Re:So what? by Fred_A · · Score: 5, Funny

      We people in the industry even have a name for this technology. It is called a user.

      --

      May contain traces of nut.
      Made from the freshest electrons.
    2. Re:So what? by HermanAB · · Score: 3, Funny

      For a Windoze box, it is called 'Plug Into Teh Interweb'. This test runs for about 20 minutes.

      --
      Oh well, what the hell...
    3. Re:So what? by gbobeck · · Score: 4, Funny

      Your testing tool must be outdated. With a new Windows XP box the test now takes 10 minutes or less.

      --
      Navicula hydraulica plena anguilarum est. Omnes castelli tuus nostri sunt. Ed elli avea del cul fatto trombetta.
    4. Re:So what? by plover · · Score: 3, Funny

      Could you be thinking of ... hmm ... I don't know, maybe ... SATAN??!!?!

      --
      John
  2. REALLY, REALLY important /sarcasm by AKAImBatman · · Score: 5, Insightful

    Mu Security would not say whether the product will be hardware- or software-based, but more details will be revealed in March, Furgerson said.

    That's not very helpful. If we're talking a tool to check for security flaws already patched against, what good is that? Just keep your systems up to date. On the other hand, if we're talking about things like buffer-overflow checkers, then why not use an existing product?

    This thing is going to have to be pretty darn impressive to actually find a niche other than people who don't know any better.

    --
    Javascript + Nintendo DSi = DSiCade
    1. Re:REALLY, REALLY important /sarcasm by antifoidulus · · Score: 3, Insightful

      It seems as if they are trying to automate what companies pay experts a lot of money to do already: attack software from every concievable angle. The experts hired to do that can get quite creative, so of course the software is going to have to be quite good to get companies to consider replacing their experts, and I personally doubt they can do it. If it's worth anything, it will probably just end up becoming another tool of the trade. Though, as always, time will tell.

      --
      Monstar L
    2. Re:REALLY, REALLY important /sarcasm by Tim+C · · Score: 4, Funny

      This thing is going to have to be pretty darn impressive to actually find a niche other than people who don't know any better.

      In my experience, that's still a pretty big niche.

      --
      It's official. Most of you are morons.
  3. Satan/Santa by fatphil · · Score: 5, Insightful

    ... and several other ones already axist.

    I'd say that the only interesting thing about this announcement is an opportunity for geeks to analyse this new product and see if it contains any ripped off GPL'ed code.

    FP.

    --
    Also FatPhil on SoylentNews, id 863
  4. In other news... by Anonymous Coward · · Score: 5, Funny

    cracker sues Startup over piracy of cracker's trade secrets via emulation.

  5. This is nothing new by possible · · Score: 4, Informative

    I read about this a couple days ago and spent some time on the company's site looking for an explanation of what they are doing that is so new. The answer I came up with is "Nothing". There is no information on their websites about specifc products or services. Looks like another snake-oil security startup.

    There are other companies and even some academic groups (PROTOS from the University of Oulu, to name one) who have been doing real things in this area for years. There are also companies that take a source-code centric approach.

    For several years now, there have been products that check for whole classes of vulnerabilities in applications. Such approaches are not limited to just known vulnerabilities in existing apps -- they check for common programming or configuration errors in custom applications as well. They are making it sound like checking for these things before systems go into production is a new concept. That's the whole point of security auditing.

  6. Tip: by DrEldarion · · Score: 4, Funny

    While most crackers are pretty harmless, saltines are going to give you the most problem. Keep an eye out for Ritz as well, as I've personally had issues with keeping those out of my system.

  7. What about.. by SocialEngineer · · Score: 4, Insightful

    Does it call fed up employees who are just looking for someone to talk to, exploiting the conversation and getting valuable information necessary to break into the network? :)

    Cool concept, but I wonder about how effective it'll be without good admins who know how to watch logs, set up honeypots when necessary, and train employees to shut up. Still, it could have it's uses.

    --
    "Better to be vulgar than non-existent" -Bev Henson
  8. MuSecurity.. by JWSmythe · · Score: 5, Funny


        "MuSecurity. We hack you first, so the hackers don't have to."

        "Pre-root your box for only $19.95"

        "Want a bot net? Have you own today!"

        Oh, testing for exploits, not actually exploiting the box.. hehe.

    --
    Serious? Seriousness is well above my pay grade.
    1. Re:MuSecurity.. by ozmanjusri · · Score: 5, Funny

      "MuSecurity. We hack you first, so the hackers don't have to."

      So they're a division of Sony, are they?

      --
      "I've got more toys than Teruhisa Kitahara."
  9. Oh great, more "red queen"... by venomkid · · Score: 4, Insightful

    More "keeping up with the hackers" nonsense. How about we just leave nothing permitted that we don't already know is legit?

    There's money to be made in treating cancer, but not curing it. And this is the IT equivalent.

    --
    vk.
  10. Juniper Staff by Anonymous Coward · · Score: 3, Interesting

    Almost all the staff is ex-Juniper. Talk about running off with corporate assets

  11. Known attacks by MichaelSmith · · Score: 3, Insightful

    Its the unknown ones you really have to worry about.

    --
    http://michaelsmith.id.au
  12. Maybe it's Da Fuzz? by PGillingwater · · Score: 4, Informative
    Without bothering to RTFA, it seems to me that they're not really talking about a library of known attacks like Nessus or EEye, but rather are discussing something like an automated tool that generates hundreds of thousands or even millions of potential attack vectors, similar to Spike or Scratch. For a nice roundup of Fuzzing links, check here. Note that Mu security is already listed.


    N.B. mu is a nice Japanese Zen word which means emptiness of mind, or literally "nothing."

       

    --
    Paul Gillingwater
    MBA, CISSP, CISM
  13. Headline should read: by EVil+Lawyer · · Score: 3, Funny

    Slashdot Editor Duped by Guerilla Marketer

  14. Re:Emulator or the real thing? by fatphil · · Score: 3, Informative

    It's a good question, however there is a simple answer.

    There are at least 2 parts to each exploit. One is the route in (a buffer overrun, for example), and the other is the payload. You can test vulnerability by using the same route in, but with a harmless, or simply information-gathering payload. Other alternatives can include a patching payload.

    FP.

    --
    Also FatPhil on SoylentNews, id 863