Announcement

Collapse
No announcement yet.

Trinity Linux System Call Fuzz Tester Effectively Suspended

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Trinity Linux System Call Fuzz Tester Effectively Suspended

    Phoronix: Trinity Linux System Call Fuzz Tester Effectively Suspended

    Dave Jones, a former Linux kernel engineer at Red Hat, is effectively suspending the future public development of his Trinity system call fuzzer...

    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite

  • #2
    I think that's really too bad. I understand how he feels, but IMO the best way to beat companies like Hacking Team is to find the bugs yourself and patch them-- good open source tools are essential to fighting the good fight.

    Comment


    • #3
      If no one contribute back its no point in open source the software. He can still use it for finding bugs without making realeses, and he stop the leaching from the wrong sort of companies. Maybe it is not pc at phoronix, but you don't need to open source everything.

      Comment


      • #4
        It would be interesting if there was a more restrictive license type prohibiting public forking and binaries generated from those forks. That would essentially give this guy what he wants. If that's not good enough because people are doing cool things for private use... fork his project and send him some kleenex.

        Comment


        • #5
          You're assuming that the nefarious types would actually care about its licence.

          Comment


          • #6
            The black hats are using his tools to find exploits where they can take over systems...using a good tool for evil, which isn't what we would ever want.

            Comment


            • #7
              Did Hacking Team ever sell Trinity or was it for internal use only? And did they even find any Android exploits? From what people have said, it seems the only Android exploits they had were found by other people and already publicly known.

              Comment


              • #8
                Originally posted by chrisb View Post
                Did Hacking Team ever sell Trinity or was it for internal use only? And did they even find any Android exploits? From what people have said, it seems the only Android exploits they had were found by other people and already publicly known.

                They maybe not be selling Trinity itself, but they sell their findings for sure, and what is most important, their findings are used purely only for evil.

                Comment


                • #9
                  Originally posted by Drago View Post
                  They maybe not be selling Trinity itself, but they sell their findings for sure, and what is most important, their findings are used purely only for evil.
                  It seems they sold to everyone they were legally allowed to, from national police forces to intelligence agencies. I can see why some of the intelligence agencies might raise eyebrows (though our nations happily sell them much worse equipment like guns, tanks and fighter jets). I wouldn't describe police forces in democratic nations like Switzerland as "pure evil" though.

                  The reason I asked about selling Trinity was that, if they did, it would be a copyright violation, and since they still have millions ? in the bank Mr. Jones could sue them for damages.

                  Comment


                  • #10
                    Welcome to the logic followed by the "security community"... People should understand that security bugs are profitable to "blackhats" (and other people too, there are bounties for reporting security bugs, and some groups even use them for "offensive security"...). But this should not be a reason to stop doing things, this should motivate companies to put even MORE money in security, hire specialists and invest on the very same things that "blackhats" do. In fact, this is already being done by Google, Mozilla, Microsoft, etc., and other people should learn from those programs (hint: they are even cheaper than hiring specialized devs...).

                    Comment

                    Working...
                    X