Posted by Trancer on Nov 18 2009

The guys at Rapid7 and the Metasploit team announced the release of version 3.3 of the framework. The new version ships with tons of improvements, bug fixes, new features, exploits and auxiliary modules. I really recommend it. For the complete list of changes read the announcement post by HD Moore – Metasploit Framework 3.3 released!
You can download the new version from the Metasploit website.

Categories: Metasploit, Tools


Posted by Trancer on Nov 02 2009

The Microsoft Security Intelligence Report volume 7 (January through July 2009) has been released.
As usual in the Security Intelligence Report, Microsoft summarizes the state of security and cyber-crime on the Internet, and their products' vulnerabilities and exploitation in the wild, for the first half of 2009.
Microsoft Security Intelligence Report volume 7.

Categories: Security News


Posted by Trancer on Nov 01 2009

Hello readers. If you haven’t heard about it already, on October 21st, 2009, the hackers’ favorite exploitation framework, the Metasploit Project, was acquired by Rapid7, a vulnerability management, compliance, and penetration testing company. Yep, a commercial company.

The Metasploit Project creator, HD Moore, and one of the developers, Egypt, now have full-time jobs working on and developing the Metasploit Project: HD in the position of Chief Architect of Metasploit and Egypt as a core developer of Metasploit at Rapid7.

If you read this blog often you probably noticed that I’m a big supporter of the Metasploit Project. I use it on a daily basis, performing penetration tests and exploit development while at work or at home for fun. As you may guess, my feelings about the acquisition are mixed. On one side this is a good thing; this is a big step for the Metasploit Project. Now it’ll grow and develop more rapidly, and we, the users, will get a better, faster, more advanced and less buggy program, and I believe we’ll start seeing faster release cycles. But on the other side, the Metasploit Project, which was a free, open source, community-driven project, is now managed by a commercial company. I think the worst case scenario will be if Rapid7 decides to make Metasploit a commercial product, which will be a sad thing. This won’t be the first time it has happened to a good security product. The best example here is the Nessus vulnerability scanner, which was acquired by Tenable Network Security back in 2005.

I hope the fate of the Metasploit Project won’t be the same as Nessus. HD Moore stated on the Metasploit blog that the project will remain free and open source. So, if that’s the case, and as long as the Metasploit Project stays that way, I think the users should be happy about it. I will continue to support the Metasploit Project and develop exploits and other modules for it and contribute in every way I can.
I guess all that’s left to say is congratulations to HD Moore and Egypt on the acquisition, keep on rocking.

References:
>> Metasploit Rising – HD Moore writes about the acquisition on the Metasploit blog.
>> Rapid7 Acquires Metasploit – The Metasploit acquisition, by the Rapid7 CEO.
>> Rapid7 Acquisition FAQ – Questions and answers about the acquisition.
>> Metasploit + Rapid7 shakes up pen-test landscape – Ryan Naraine writes about the penetration testing market changes following the acquisition.

Categories: Metasploit, Security News