Linux Today: Linux News On Internet Time.

Metasploit 3.3 Expands Open Source Vulnerability Test Framework

Nov 19, 2009, 10:33 (0 Talkback[s])
(Other stories by Sean Michael Kerner)

[ Thanks to smk for this link. ]

"While Metasploit could potentially be used as a malicious tool, its intent is all about verifying security and keeping vendors honest, according to project leader H D Moore.

"Metasploit is a great way to enforce the 'trust by verify' method of IT security management," Moore told InternetNews.com. "Often folks will install a patch, but forget to reboot the server or otherwise activate the fix. This can lead to machines showing as 'patched' in the sense that registry checks will return the correct information, but still being exploitable using a product like the Metasploit Framework."

"Metasploit is an open source testing framework first developed by Moore in 2003. One of its hallmarks since at least the 3.0 release is its ability to evade detection by antivirus and intrusion-prevention systems. Again the focus for Moore isn't about being malicious, but about making sure that security systems actually work."

Complete Story

Related Stories: