Has H.D. Moore gone too far?
Moore's like many security researchers who gin up publicity for the software flaws they find, as he did with his bug-a-day stunt highlighting browser weaknesses in July. But he goes further, as one of the main forces behind the Metasploit Project, which posts a free, open source platform that makes it easier to develop and test code that can take advantage of software vulnerabilities. Included are more than 150 examples of such code ready to exploit flaws.
Next month, Moore will raise the already-high stakes when Metasploit releases a new piece of code--called eVade-o-Matic--that makes it harder for intrusion-detection systems and antivirus software to detect exploit code aimed at Web browsers. It's one thing to show people how to exploit software flaws; it's another to help attackers go unnoticed.
He's even well regarded by some--not all--in Microsoft's Security Technology Unit, which had Moore speak at its "Blue Hat" conferences, designed to give Microsoft programmers a wake-up call to the kind of hacking their work will endure. However, one manager of a product successfully broken with his tools, who's no longer with Microsoft, called Moore the "spawn of the devil" and "Hitler's driver."
For full article:
http://www.informationweek.com/news/sho ... =193401125