Wednesday, August 10, 2005

Don't Forget Honeyclients

If you read the recent SecurityFocus article Microsoft's "monkeys" find first zero-day exploit, you might notice it did not mention work done on an open source honeyclient project. The HoneyClient.org project is led by Kathy Wang. She provides an open source implementation that you might find interesting.

The idea of both projects is to have vulnerable (and perhaps those presumed not vulnerable) applications connect to various servers on the Internet. When visiting some of the shadier portions of the Internet, those clients (i.e., Web browsers) may be exploited. Analyzing the method of exploitation advances the knowledge of defenders, which is beneficial. Rather than waiting for intruders to attack vulnerable services or clients, pre-emptively sacrifice vulnerable yet disposable clients for the good of Internet security research.

No comments: