How hacking got easy
Metasploit

When it comes to security, public disclosure of vulnerabilities and working exploit code is now common. We look at why this can be both harmful and helpful to securing your systems.
Last month, I wrote about the DNS security issues, and I included examples of how to exploit it before the magazine went to print [1]. Since then, a friend and I were discussing how exploitable the DNS issue actually was – I said it was relatively easy to exploit, and he thought that it would be difficult at best.
We both stuck to our guns until he said, "If you think it's so easy, go write exploit code for it." My reply was, "Why bother? Someone will write exploit code or a Metasploit module for it within a few days or weeks and release it publicly," which they did.
This is an interesting change of events – years ago, I would have tried to create a working exploit or traded a favor with someone who knew a guy who knew a guy that had exploit code for it. Now I'm willing to wait a few days or weeks for someone to create and release exploit code publicly, probably in any easy-to-use form, such as a Metasploit module.
[...]
Buy this article as PDF
(incl. VAT)