news

Metasploit: acquired by Rapid 7

Posted Wed, 10/21/2009 - 10:00 by jayzeng

HD moore, who is a world class hacker and the lead developer of metasploit, announced this news today, metasploit has been acquired by Rapid 7. HD moore said in his email to the framework mailing list:

"Rapid7 was the right company for Metasploit for a number of reasons. First and foremost, they understand the value of the community have seen the benefits that funding a project like Metasploit can provide since our first conversation. Second, the management team at Rapid7 is made up of some brilliant folks. They may not be exploit developers, but they understand business and how to make a marriage with Metasploit increase their own bottom line without destroying the value of project in the process. Third, Rapid7 has an amazing technical staff and a solid vulnerability management product. There are only a few companies in the world that understand how much work is involved in doing vulnerability assessments right, and this team has been doing it for over 9 years. Lastly, Rapid7 has an enormous QA lab, with the ability to perform regression testing across a massive array of operating systems and patch levels. The combination of their staff and technical resources will allow the Metasploit Framework to make a huge leap ahead in the comingmonths."

While this is definitely great news for the metasploit project and HD's team, with the resources available inside Rapid 7, I am sure metasploit will go into a new stage. My personal hope is the project won't become another commercial project and continue to be the best open source vulnerability platform.

Introducing Wufoo forms

Posted Fri, 10/16/2009 - 11:04 by jayzeng

Everyone is being hit by the poor economy and everyone is looking for new ways to increase revenue. Recently, I have received a number of requests with almost the same requirements:

Hey, I see an opportunity to do xyz, and all I need is something simple on the web to establish a trustworthy online identity. The site only needs to be simple, easy to use and has something like a contact form so my clients can get in touch with me, I don't need a database or something sophisticated because I understand it will be expensive.

Okay, so what are the underlying messages here and what are the business requirements? Essentially, the client is looking for:

  • A clean, simple design. Keep it straight, only a few things are needed: about us, contact me, introduction. It is up to the client's desire to request the site to be one page design or a few pages view, their call.
  • A contact form, the core part. On the hand, the form needs to be easy to use, while it looks cool with some fancy web 2.0 UI elements like date picker, error indication etc. On the other hand, the client needs to have a complete view of what exactly the users have entered through the form, in another word, a full-fledged report.

As you can guess, client just wants something quick and dirty so they can do their businesses in few days, and they probably don't care whether it has a slick UI with the latest,cool features like Ajax, auto-complete etc. I first start with building everything from scratch, build a html form with all kinds of cool stuff by leveraging jQuery UI, store all the form inputs and pass into a PHP script then mail to the user. I soon realized this is not the best way to approach this kind of problem as clients constantly want to change this and that: UI changes, adding/removing/modifying form fields, any minor changes will require according changes in the back end. You feel my pain?

I soon discovered Wufoo, a form builder site that "making forms easy + fast + fun". Wufoo indeed makes form building a piece of cake, after you register for an account, you will be given three free forms (which should be enough for most people). While building a form is a no brainer, I will show you the form I built in 5 minutes.

Clicking on any field will give you more options to customize.
wufoo options

Each field is customizable, the cool part is you can define a customized message, and you can even let wufoo to send you the entire report to your personal email box, or view the report over wufoo. wufoo report management

Best of all, wufoo takes care all the business for you no matter what minor modifications you make over your form.

Once you have your form built, you can load up the form with as simple as iframing it. You may view the live demo by going to my contact page
Wufoo - wow, really cool!

^ Top of Page