Metasploit Framework 3.4.0 Released


- Metasploit should be illegal.

- Full disclosure of critical vulnerability exploit code should be
illegal when there is no patch.

- It should be illegal to offer vulnerability scanning software to the
general public without vetting who is being supplied it.

On Tue, May 18, 2010 at 11:03 PM, HD Moore wrote:


Re: Metasploit Framework 3.4.0 Released


Um...  Do you actually believe that, or is this a troll?  It's a bit
daft (to be kind) on several levels.  Have you never encountered the
disclosure debate before?

Vendors increasingly don't fix bugs these days until there's not only
a public vuln disclosure, but some seem to be waiting until there's a
point-and-click Metasploit module to exploit the vulnerability.

Finally, from a legal perspective, it's neither practical nor
effective to make such tools illegal worldwide.  Make attack
frameworks and sploits illegal on unpatched bugs, and then ONLY the
underground will have the sploits, and vendors will lack knowledge of
a problem or any motivation to fix them.

HD and all those working on Metasploit deserve nothing but mad props
in helping push security forward.  Responsible disclosure still needs
to be done no doubt, but once it is done, and vulns are responsibly
released, the sooner there are corresponding sploits available in
frameworks like Metasploit, the sooner vendors tend to fix the issues
by providing patches, and the sooner organizations will be
sufficiently moved to apply those updates.  In short, bad things
get fixed faster with Metasploit in our lives.

HD - thanks for your work and for your posting the release
notification here.


