ICG Risk Blog - [ This exploit tool is fearsome. It should be on your box ]


Remember my comment that hackers are increasingly able to act (exploit script definition to loose in the wild) inside our OODA Loop? Now a loop trip of a matter of days and hours may be reduced to minutes. From "Security tool more harmful than helpful?":

"A recent report by market research firm Forrester into software security threats found that attacks "explode after unscrupulous hackers build scripted versions." Many critics agree, saying such exploit-testing scripts--which turn a highly technical vulnerability into code that can be run with a few commands--allow far too many people to become online attackers."

"The updated framework, known as Metasploit Framework 2.0, enables people to create standardized plug-ins for the tool so that they can legally hack into computers by manipulating the latest security holes. The tool already has 18 exploits and 27 different possible payloads."

Doomed you say? Suppress 'the tool' you say? Useless for you as even if this (legitimate) Metasploit tool were suppressed, the concept is now known and code is now being used. If Metasploit were suppressed, one or more illegitimate, perhaps covert, tools would take its place. The genie cannot be squeezed back into the bottle.

I submit the exact opposite: A tool such as Metasploit should be as common as a disk utility or a defragger. If a virus detection manufacturer were on their toes, they should incorporate this tool into their subscription service such that exploit signature (if it lands on your box) morphs into exploit detection (is my box vulnerable):

"Beyond those people, Lindstrom said, the tool could allow thousands of others to become hackers."

Yes, and you should be among them, instantly hacking your own system. And what happens if there is no cure yet available for the disease in question? Awareness is the first step to curing root cause. It won't take too many occurrences for large customers and ISPs to begin to demand corrections, first in code and then in design prior to an app's release; the exploit is run by the app's manufacturer before the app is ever released. It should become part of their QA process.

It could be added into a Sarbanes-Oxley compliance process, and I hope that it is, for if a risk is identified and documented and then not ameliorated, the officers of the firm could be open to suit for fiduciary breach.

"...anyone can already buy such a product from a handful of security companies. However, he acknowledges that the widespread use of such software may make some network administrators' jobs harder. If (you are) a system admin that only patches boxes, of course you aren't going to want to see any new exploit code," Moore said. But that doesn't mean the problem is going away, he added. "We can do anything we want to curb exploit releases--make it illegal in America--but they will still get released."

Metasploit should be as common as a vaccination. Firms will have to work out interim means of protection, which could entail automatically taking the system under attack off line. I would like to see automatic, redundant backup tools that at least protect my data and are resistant to hacking so that at least my data is safe. Then we are operating at or inside the OODA loop of the bad guys:

Security tool more harmful than helpful?
Robert Lemos
April 8, 2004, 4:43 PM PT

Gordon Housworth
