Should I be posting links to cracking tools?
Network World Fusion 09/10/04
You can count on JoatBlog to post links to all sorts of interesting security resources; it helps me keep our own Security downloads pages up to date. But among the resources he points to are various cracking tools (such as this SSH private-keys cracker). On the theory that it's always good to know what the other side is up to, I've been posting links to some of these tools. But are you folks interested in seeing (and maybe even trying) all the stuff that could be used to break into your network, servers, etc.? Let me know!
Adam,
List my answer as "yes". (heh) I don't condone criminal activity either.
As you stated, it's important to know what the other side is doing. The SSH cracker came up as a topic when various people on the Intrusions and Incidents mailing lists were wondering what was behind the sudden increase in port 22 scans. To be fair, please note that I listed recommendations to avoid/minimize the exposure to the tool.
I started blogging about hacker tools as part of a local college curriculum. Since then, we've moved into/through network security, forensics and law (http://netsec.blogspot.com and http://netseclaw.blogspot.com are the class sites).
The theme for joatBlog has remained somewhat static due to my bad habits. It gets very easy to post four items a day by relying on Bloglines, a bit of Google/Yahoo research, and a cynical attitude born of almost a decade of systems administration. I'm hoping (with a bit more free time) to move the theme to malicious code analysis, one of the reasons I started blogging in the first place.
In any case, I firmly believe that we need to continue to talk about the "bad things" in the field so that we can keep ahead of them. Otherwise, you only find out about them when someone else uses it against your network and you're in crisis management mode.
Regards,
Tim
Bruce Schneier has pointed out that the main difference between a remote administration tool and a Trojan like Back Orifice is who uses it.
In other words, it's pretty hard to draw a line that defines a "hacker tool".
There's a practical problem with linking to tools from malicious people: how do you know they're not trojaned? Even reading and building from source, there could still be subtle booby traps. Best to link to dangerous tools from safe people.
This is closely related to the endless debate about whether and how to disclose software vulnerabilities. There's some illuminating data on that subject at http://www.wild.lib.fl.us/bib/disclosure-by-date.html
Fred Wamsley CISSP
Beryllium Sphere LLC
As a budding security researcher I find joatBlog invaluable. I hope to contribute significantly to the body of knowledge, something joat helps enable. Relying on the black hat community for information seems silly.
Posted by: Dominic on September 13, 2004 11:59 AM
