lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <i2q637b4adc1005031744h72e350e5nf0f7ccadbe66a37e@mail.gmail.com>
Date: Mon, 3 May 2010 17:44:55 -0700
From: Sec News <secnewz@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: WTF eEye Really?

Did anyone else see this?

http://blog.eeye.com/vulnerability-management/penetration-tools-can-be-weapons-in-the-wrong-hands

"""
Penetration Tools Can Be Weapons in the Wrong Hands
Author: Morey Haber Date: May 3rd, 2010 Categories: Network Security,
Vulnerability Management

After a lifetime in the vulnerability assessment field, I’ve come to look at
penetration testing almost as a kind of crime, or at least a misdemeanor.

We enjoy freedom of speech, even if it breaks the law or license agreements.
Websites cover techniques for jailbreaking iPhones even though it clearly
violates the EULA for Apples devices. Penetration tools clearly allow the
breaking and entering of systems to prove that vulnerabilities are real, but
clearly could be used maliciously to break the law.

Making these tools readily available is like encouraging people to play with
fireworks. Too bold of a statement? I think not. Fireworks can make a
spectacular show, but they can also be abused and cause serious damage. In
most states, only people licensed and trained are permitted to set off
fireworks.

Now consider a pen test tool. In its open form, on the Internet, everyone
and anyone can use it to test their systems, but in the wrong hands, for
free, it can be used to break into systems and cause disruption, steal
information, or cause even more permanent types of harm.

How many people remember the 80’s TV show Max Headroom? Next to murder, the
most severe crime was if users illegally used information technology systems
to steal information or make money. There was tons of security around these
systems and even possession of tools to penetrate a system was a crime too.
So what’s the difference?

Yes, it is just a TV show but in reality today we are in effect putting
weapons in people’s hands, not tracking them, and allowing them to use them
near anonymously to perform crimes or learn how to perform more
sophisticated attacks. It all comes back to the first amendment and Freedom
of Speech. I can write a blog of this nature, state my opinion about how I
feel about free penetration testing tools, and assure everyone that they
need defenses to protect their systems, since free weapons are available
that can break into your systems – easily.
"""

WOW - am i the only one to go WTF to this?  Talk about alienating your
customers and shitting where you eat.

And to think i used to be a fan...

- Some anonymous ex-eEye fan

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ