"That last part is the part I get a little bit of shit for sometimes."Įven the generally hacker-friendly Electronic Frontier Foundation, for instance, wrote in a statement to WIRED that PunkSpider could have dangerous consequences. "PunkSpider finds vulnerabilities, it does a little work on the backend to determine the likelihood they're exploitable, and then it releases them to the public immediately," says Caceres. Both the search tool and browser plugin give every website a "dumpster fire" score of one to five dumpster fires, depending on how many vulnerabilities it contains and how serious they are. On top of their search engine, they've also built a Chrome plugin that checks every website a user visits for hackable flaws. The site Caceres and Hopper have built provides a database that's searchable by URL keywords, type of vulnerability, or severity of those bugs. But they hope that visibility will force the web's administrators to acknowledge that their websites contain simple, glaring, and in some cases dangerous flaws-and hopefully fix them. Caceres and Hopper acknowledge that in doing so, their tool could potentially expose those sites to real-world attacks. PunkSpider's creators say it will catalog hundreds of thousands of those unpatched vulnerabilities at launch, making all of them publicly accessible. Essentially a search engine that constantly crawls the entire web, PunkSpider automatically identifies hackable vulnerabilities in websites, and then allows anyone to search those results to find sites susceptible to everything from defacement to data leaks. 
Now one hacker tool is about to take that practice to its logical, extreme conclusion: Scanning every website in the world to find and then publicly release their exploitable flaws, all at the same time-and all in the name of making the web more secure.Īt the Defcon hacker conference next week, Alejandro Caceres and Jason Hopper plan to release-or, rather, to upgrade and re-release after a years-long hiatus-a tool called PunkSpider. The web has long been a playground for hackers, offering up hundreds of millions of public-facing servers to comb through for basic vulnerabilities to exploit.