Security tool more harmful than helpful?

The common wisdom in the security world is that easy-to-use scripts to circumvent security--called "exploits"--are a threat to the Internet. The Metasploit Project and its founder, HD Moore, hope to change that perception. On Wednesday, the project released an updated design framework to the Metasploit tool, which allows security experts to check computers on their networks and identify those vulnerable to newly released flaws. The updated framework, known as Metasploit Framework 2.0, enables people to create standardized plug-ins for the tool so that they can legally hack into computers by manipulating the latest security holes. The tool already has 18 exploits and 27 different possible payloads.

Overall, the tool could help administrators find and patch systems vulnerable to a new flaw, thereby blocking a would-be intruder from breaching a company's network security, according to Moore.

"This is a good research tool," Moore said, noting that some 30 percent of Metasploit beta testers are security consultants who seek to plug holes in their clients' networks. Other companies are using the tool proactively to detect flaws in their applications. "There is a large software company that has...rolled the Metasploit stuff into their (quality assurance) testing," he said.

Read Full Story