Startup Prepares Cracker Attack Emulator
Startup.Blog writes "A startup company MuSecurity is shipping a product that emulates a multitude of known attacks and integrates the security checks into quality assurance processes. The company 'will soon begin selling a new vulnerability assessment product that lets technology vendors and enterprise developers test their products with known hacker techniques, allowing them to fix bugs before products are put into use.'"
How is this anything new? There is open source (and closed) that has been available for a while that does this.
--
United Bimmer - BMW Enthusiast Community
Mu Security would not say whether the product will be hardware- or software-based, but more details will be revealed in March, Furgerson said.
That's not very helpful. If we're talking a tool to check for security flaws already patched against, what good is that? Just keep your systems up to date. On the other hand, if we're talking about things like buffer-overflow checkers, then why not use an existing product?
This thing is going to have to be pretty darn impressive to actually find a niche other than people who don't know any better.
Javascript + Nintendo DSi = DSiCade
... and several other ones already exist.
I'd say that the only interesting thing about this announcement is an opportunity for geeks to analyse this new product and see if it contains any ripped off GPL'ed code.
FP.
Also FatPhil on SoylentNews, id 863
cracker sues Startup over piracy of cracker's trade secrets via emulation.
I read about this a couple days ago and spent some time on the company's site looking for an explanation of what they are doing that is so new. The answer I came up with is "Nothing". There is no information on their websites about specific products or services. Looks like another snake-oil security startup.
There are other companies and even some academic groups (PROTOS from the University of Oulu, to name one) who have been doing real things in this area for years. There are also companies that take a source-code centric approach.
For several years now, there have been products that check for whole classes of vulnerabilities in applications. Such approaches are not limited to just known vulnerabilities in existing apps -- they check for common programming or configuration errors in custom applications as well. They are making it sound like checking for these things before systems go into production is a new concept. That's the whole point of security auditing.
While most crackers are pretty harmless, saltines are going to give you the most problems. Keep an eye out for Ritz as well, as I've personally had issues with keeping those out of my system.
Does it call fed up employees who are just looking for someone to talk to, exploiting the conversation and getting valuable information necessary to break into the network? :)
Cool concept, but I wonder about how effective it'll be without good admins who know how to watch logs, set up honeypots when necessary, and train employees to shut up. Still, it could have its uses.
"Better to be vulgar than non-existent" -Bev Henson
"MuSecurity. We hack you first, so the hackers don't have to."
"Pre-root your box for only $19.95"
"Want a bot net? Have your own today!"
Oh, testing for exploits, not actually exploiting the box.. hehe.
Serious? Seriousness is well above my pay grade.
More "keeping up with the hackers" nonsense. How about we just leave nothing permitted that we don't already know is legit?
There's money to be made in treating cancer, but not curing it. And this is the IT equivalent.
vk.
N.B. mu is a nice Japanese Zen word which means emptiness of mind, or literally "nothing."
Paul Gillingwater
MBA, CISSP, CISM