Tuesday, January 03, 2006

In Defense of HD Moore

Thanks to Tom Ptacek, I learned of a truly lame SANS poll questioning the responsibility of the Metasploit ie_xp_pfv_metafile component. The poll results as of now show the following:

Was the release of the 2nd generation WMF exploit on Dec 31st 2005 irresponsible ?

35 % =>Yes, I 'd like to see the authors brought to justice
21 % =>Yes, they made the world a worse place
32 % =>No, the bad guys had already equal ammunition
11 % =>No, I believe the ends did justify the means
Total Answers: 1379

Regarding the first option -- what law exists against writing Metasploit components? About the last -- what "ends" are in play? I would have liked to have seen the following option:

"No, I now have a means to test the effectiveness of patches,
anti-virus/malware products, and other defensive measures."

Without a way to test the effectiveness of countermeasures, defenders are as much at the mercy of the intruders as they are the software vendors who fail to provide timely patches.

I found that many of the poll comments do not seem to reflect the majority of "Yes" (meaning "irresponsible") votes, and some reflect the sentiment of this post.

I highly recommend reading Tom's post and his link to criticism of SATAN in 1995. The history major in me speaks up once in a while to say "nothing ever changes."

No comments: