Date: Tue, 21 Oct 2008 19:37:53 +0200
From: wishi <wishi@...to.sunn.de>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: security industry software license

n3td3v wrote:
> there should be a central license that people apply for to use
> software like metasploit.
> 

Well, there is. It's called competence. Clueless people don't use
Metasploit. Normally it doesn't lower the bar very much. Think of Core
or Canvas. You can get this too, nevertheless it's expensive. Who's
going to prevent Warez?

- Right, no one. So if you're talking about a theoretical concept, you
should face the reality: there's no software you can't get for free. And
if there is, nothing prevents you from writing your own exploits. Just
grab some source, and search through it. You'd be surprised how much
crap you'll find.


> only letting the good guys use the software for good
> purposes.

First build a devil, let it run, and sell the holy water. That's how it
works. Without any evil approaches, we wouldn't work.

Today's process of hardening needs something, which speeds it up by
fear. And that's exactly what Metasploit does. It pwns incompetent
management, driven by the idea to develop feature-rich bloatware in no
time - without caring for design, structure and security of the customers.

I guess nobody who's having the good old skills needs an exploit
framework. So - what's the software you're going to certify by n3rd3v
license? Shellcode with 0s? :) Or some wrapper scripts? By the way:
security is a market. Nothing prevents you from selling exploits at
wabisabi or so. Nevertheless I wouldn't choose eBay. :)
-- 
--__----____-----
wishinet.blogspot.com
just wishi - does Netninpo
__--___-----_____
- http://www.gnu.org/philosophy/no-word-attachments.html
- PGP ID: 0xCCCA5E74

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
