Load o' bull. On Tue, May 4, 2010 at 2:44 AM, Sec News <secn...@gmail.com> wrote:
> Did anyone else see this? > > > http://blog.eeye.com/vulnerability-management/penetration-tools-can-be-weapons-in-the-wrong-hands > > """ > Penetration Tools Can Be Weapons in the Wrong Hands > Author: Morey Haber Date: May 3rd, 2010 Categories: Network Security, > Vulnerability Management > > After a lifetime in the vulnerability assessment field, I’ve come to look > at penetration testing almost as a kind of crime, or at least a misdemeanor. > > We enjoy freedom of speech, even if it breaks the law or license > agreements. Websites cover techniques for jailbreaking iPhones even though > it clearly violates the EULA for Apples devices. Penetration tools clearly > allow the breaking and entering of systems to prove that vulnerabilities are > real, but clearly could be used maliciously to break the law. > > Making these tools readily available is like encouraging people to play > with fireworks. Too bold of a statement? I think not. Fireworks can make a > spectacular show, but they can also be abused and cause serious damage. In > most states, only people licensed and trained are permitted to set off > fireworks. > > Now consider a pen test tool. In its open form, on the Internet, everyone > and anyone can use it to test their systems, but in the wrong hands, for > free, it can be used to break into systems and cause disruption, steal > information, or cause even more permanent types of harm. > > How many people remember the 80’s TV show Max Headroom? Next to murder, the > most severe crime was if users illegally used information technology systems > to steal information or make money. There was tons of security around these > systems and even possession of tools to penetrate a system was a crime too. > So what’s the difference? > > Yes, it is just a TV show but in reality today we are in effect putting > weapons in people’s hands, not tracking them, and allowing them to use them > near anonymously to perform crimes or learn how to perform more > sophisticated attacks. It all comes back to the first amendment and Freedom > of Speech. I can write a blog of this nature, state my opinion about how I > feel about free penetration testing tools, and assure everyone that they > need defenses to protect their systems, since free weapons are available > that can break into your systems – easily. > """ > > WOW - am i the only one to go WTF to this? Talk about alienating your > customers and shitting where you eat. > > And to think i used to be a fan... > > - Some anonymous ex-eEye fan > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/