Slashdot Mirror

← Back to Stories (view on slashdot.org)

Turning Attackers' Tools Against Them

Posted by kdawson on from the back-bearings dept.

Tasha26 writes "The BBC has an interesting Web security snippet from the SyScan 2010 security conference in Singapore. In a presentation, security researcher Laurent Oudot released details of bugs found in commonly used attack kits such as Neon, Eleonore, and Sniper. These loopholes could be exploited to get more information about the attackers, perhaps identifying them, stealing their tools and methods, or even following the trail back to their own computer."

14 of 75 comments (clear)

  1. Following the trail back to their own computer by nurb432 · · Score: 2, Insightful

    ..or to the person they are setting up to go to jail...

    --
    ---- Booth was a patriot ----
    1. Re:Following the trail back to their own computer by Anonymous Coward · · Score: 2, Insightful

      ..or to the person they are setting up to go to jail...

      Yes, and the police shouldn't bother following up on physical evidence either since it usually leads to someone who's being set up to go to jail.

  2. Ka! Crooks' food-chain by oldhack · · Score: 2, Insightful

    All that cleverness wasted...

    --
    Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
  3. Low hanging fruit by retardpicnic · · Score: 5, Insightful

    Meh... Thae fact that there are errors and vulnerabilities in web based tools just means that they were written by programmers who largely don't have peer code review, which is why so many computer viruses never get to trigger or release paylod, the only working part of them is the infection mechanism. Perhaps these vulnerabilities would aid n catching a script kiddie who had downloaded a poorly programmed tool and was dumb enough to launch from his own computer. Nobody with brains would launch from "home", they would use bots, which means the police will be storming an old age home with grandparents still using windows 95. I do applaud looking at hacking tools though, I workd for a company that used a stripped down, harmless version of the sub7 trojan to deploy software and it was far superior to commercial deployment solutions at the time.

    --
    sig loading.......
    1. Re:Low hanging fruit by DigitAl56K · · Score: 3, Insightful

      Thae fact that there are errors and vulnerabilities in web based tools just means that they were written by programmers who largely don't have peer code review

      The fact that there are errors in these attack suites in particular is probably more because their purpose is to attack others with no expectation that counter-attacks are likely to happen, at least against these tools themselves.

      I workd for a company that used a stripped down, harmless version of the sub7 trojan to deploy software

      Funny you bring that up. Older versions used to have a hard coded master password that could be used to steal Sub7 systems, W32/Leaves took over systems that way.

  4. No Honor Among Thieves by IonOtter · · Score: 4, Insightful

    Do you really think that the creators of these "tools" aren't going to leave SOME way of getting back into them? To prevent them from being used against their own systems?

    "Did you really think you could use my own spell against me , Potter?" -Severus Snape "HP: THBP"

    --
    [End Of Line]
  5. Re:In other news... by Gadget_Guy · · Score: 5, Insightful

    In other news, researchers learn that script kiddies tend not to be very good software developers.

    Surely the very definition of a script kiddie is someone who doesn't write hacking software, but uses software built by others.

    I think this shows that the hacking community can be a bit arrogant, and they think that hackers won't go after one of their own.

  6. Re:walled garden version for the rest of us? by MadnessASAP · · Score: 1, Insightful

    Microsoft would gladly make a walled garden OS for EVERYONE to use if they thought they could get away with it.

    --
    I may agree with what you say, but I will defend to the death your right to face the consequences of saying it.
  7. Re:Time for hacker bounty hunter! by betterunixthanunix · · Score: 3, Insightful

    Why? "We connected our mission critical systems to a public communications network, and random people on that network are probing our systems! Waaaaah! Wait, let's probe their systems too!"

    --
    Palm trees and 8
  8. Re:Illegal in many jurisdiction by Anonymous Coward · · Score: 2, Insightful

    Not so. Try a "self defense" defense.

    If an attacker originates an attack on you,
    you are welcome to use ENOUGH force to stop it.

    I think a requisite measure of restraint would be
    proven, and any subsequent culpability waived.

  9. Re:In other news... by RobDude · · Score: 2, Insightful

    Eh, I'm not sure I agree.

    It's one thing to have the ability to find a exploit and take advantage of it. It's an entirely different thing to personally go through all of the code running on your machine and remove all exploits.

  10. drug dealers can't report theft of drugs by circletimessquare · · Score: 3, Insightful

    likewise, what hacker is going to report that someone reverse engineered his hack?

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  11. Re:walled garden version for the rest of us? by ArghBlarg · · Score: 4, Insightful

    Haven't they already taken the first step with compulsory driver signing in their 64-bit OSes? I hear there's a registry hack to disable it... for now. But MS would -love- it to be mandatory, they've been laying the foundations since the original "Trusted Computing Platform Alliance" days haven't they? I don't keep up to date on all this stuff so maybe it's not so true anymore.

    --
    ERROR 144 - REBOOT ?
  12. Re:Illegal in many jurisdiction by Anonymous Coward · · Score: 1, Insightful

    Not so. Try a "self defense" defense.

    If an attacker originates an attack on you,
    you are welcome to use ENOUGH force to stop it.

    I think a requisite measure of restraint would be
    proven, and any subsequent culpability waived.

    Stop it?
    iptables .... -j DROP

    Retaliation against the attackets system, which just happens to be a rooted box at MegaCorp ? Year, real smart idea - their lawyers will surely see the sanity of what you did and not sue..