NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0490 Reverse-Engineering Security Holes in Hacking Software:
Security expert Joel Eriksson, a researcher at the Swedish security firm Bitsec, is using reverse-
engineering tools to find remotely exploitable security holes in hacking software, according to an
online technology journal. In particular, Eriksson targets the client-side applications intruders use
to control Trojan horses remotely, finding vulnerabilities that would let him upload his own rogue
software to intruders' machines. He demonstrated the technique publicly for the first time at the
recent RSA security conference. The researcher suggests that the best defense might be a good
offense. He proposed that an active - albeit controversial - approach such as this might be more
effective than installing a better intrusion-detection system.
(news.bbc.co.uk 14APR08)