Great Circle Associates Firewalls
(April 1995)
 


Subject: Re: I had a look at SATAN...
From: paul @ hawksbill . sprintmrn . com (Paul Ferguson)
Date: Wed, 5 Apr 1995 19:01:24 -0500 (EST)
To: droelke @ spirit . aud . alcatel . com (Daniel R. Oelke)
Cc: danisch @ ira . uka . de, cypherpunks @ toad . com, firewalls @ greatcircle . com (Firewalls List)
In-reply-to: <9504052059 . AA04313 @ spirit . aud . alcatel . com> from "Daniel R. Oelke" at Apr 5, 95 03:59:19 pm


I like the name, but I like the PostScript 'Satan Inside' and the
Full Length Artwork sketch provided in the .tar file even better. 

I dinked with it for a while earlier this afternoon. No big
hairy deal. 

I would tend to agree with you; the underlying mechanisms in Satan 
are old news. ISS (at least the freely available version) performs
equally in scope, with a less 'user-friendly' motif. The implications
are obvious; anyone with a modicum of experience could easily insert
their [your choice of phraseology here] and act upon vulnerabilities
found with Satan. Call it 'Son of Satan'.

All in all, no news here.

- paul


> 
> 
> The big hoopla is mostly because it is a nice tool and framework
> with a good front end.  WWW was around long before Mosaic.  Yet,
> it didn't take off until Mosaic came out.  Security testing
> scripts have been around (mostly in hacker hands) for a long
> time.  I hope that such testing now takes off and
> flourishes under Satan.
> 
> Other than being a good tool - it is also one of the first times
> that anyone has released a freely available comprehensive
> security testing tool.  Testing security is something people 
> tend to get scared of.  Information about security is "bad"
> according to many who would rather have security lie in FUD.
> 
> Of course the name of the tool doesn't hurt it.  Such a name
> makes for a *great* soundbyte in the media.  (Good for
> raising the ire of the christian right too! :-)
>  
> > It is a nice tool, and the graphical interface (a perl5 program uses
> > html and Mosaic as an interactive user interface) is very clever.
> > 
> > But at the moment there is nothing real new about Security in
> > Satan. It is just a nice way to handle and apply methods to check already
> > known vulnerabilities. (where some methods still need to be improved,
> > e.g. rsh.satan)
> > 
> > Of course, it is a wonderful idea to make such a tool. I am sure it
> > will become (became?) a standard. Security holes will no longer be
> > reported as a report only, but as a Satan method also. This would be very
> > helpful.
> > 
> > The only thing I don't understand is why there was so much noise and
> > rumour about. It was praised so much (as far as I know it was in the
> > TV in America, isn't it?), that some people expected all networks and
> > hosts to be cracked at release time of SATAN. 
> > 
> > I like SATAN very much, and it makes life more comfortable (and
> > networks more secure because people do check it more with SATAN than
> > without SATAN), but from the view of security there is nothing new
> > yet.
> > 
> > I am sure that it will get bigger and stronger in future, when the
> > test methods get more and better. Hope that people will put their
> > knowledge about security holes in scripts to be used by satan.
> > 
> 

_______________________________________________________________________________
Paul Ferguson                         
US Sprint                                          tel: 703.689.6828
Managed Network Engineering                   internet: paul @ hawk . sprintmrn . com
Reston, Virginia  USA                             http://www.sprintmrn.com 

