University of Illinois: NSA hacking code is Low-NSA, hack-IT information
IT information the so-called villains can always outsmart (Conversely there ... ... ), The United States Department of Homeland Security NSA also has its own team of hackers, shouldn't these people should be United States top players, even though it's superior also has "lost technology". Hackers claiming to be Shadow Brokers steal and recently announced a partial invasion of the NSA developed tools, and the tools in the analysis, a professor at the University of Illinois, that these codes are written in very Low ... ...
Stephen Checkoway is an Assistant Professor of computer science at the University of Illinois, he analyzed the NSA hackers of stolen codes BANANAGLEE, said that the code used to attack the Fortinet firewall. Although he think this paragraph so-called from Yu NSA top hacker of code wrote of didn't more big mean, but also on this results said understanding, because this code is offensive of not defense sex of, it by using of is not know what when will was patch of 0day 0 vulnerability, attack who need in more short time within development out can using vulnerability of code, so they not too may while to both code quality, they care of is code of available sex.
It can be seen that for timeliness strong attack code, the "rush" is inevitable, and the main idea is that "just work". High levels of code to look useless, quickly using the code to get what you want is the most pragmatic. But a pragmatic code how to let outsiders easily got it? NSA members great gods are supposed to maintain defense for systems under the code?
伊利诺伊大学:NSA的黑客代码很Low - NSA,黑客 - IT资讯
IT资讯讯 所谓道高一尺,魔高一丈(反过来说的也有……),美国国土安全部NSA也有自己的黑客团队,按理说这帮人应该是美国的顶尖高手,然而就算是高手也有“丢手艺”的时候。近日自称Shadow Brokers的黑客组织就窃取并公布了部分NSA开发的入侵工具,而且这些工具在被伊利诺伊大学的教授分析后,认为这些代码写的很Low……
Stephen Checkoway是伊利诺伊大学计算机科学专业的助理教授,他分析了被盗取的NSA黑客代码BANANAGLEE,称该代码用于攻击Fortinet防火墙。虽然他认为这款所谓来自于NSA顶级黑客的代码写的没多大意思,但也对这个结果表示理解,因为这个代码是进攻性的不是防御性的,它所利用的是不知道什么时候会被修补的0day零日漏洞,攻击者需要在较短时间内开发出能利用漏洞的代码,所以他们不太可能同时去兼顾代码质量,他们关心的是代码的可用性。
由此可见,对于时效性很强的攻击型代码来说,“赶工”是难免的,而且最主要理念就是“能用就行”。此时代码写出来看着水平高没什么用,赶紧利用代码拿到想要的东西才是最务实的。不过这么一款务实的代码怎么就让外人轻松拿到了呢?NSA的各位大神们是不是应该好好维护下用于系统防御的代码呢?