The Shmoo Group started off Defcon on Friday wanting to make a point. Presenting in a tent packed with hackers on the grounds of the Alexis Park Resort in Las Vegas, group members announced that they had found holes in several popular hacking tools.
"Patch management is not just for users anymore," a group member proclaimed. "The general point is setting an example." And that example would be that those who create the hacking tools, should worry about security like any software maker.
The Shmoo gang warned Defcon attendees not to use Kismet in the wardrive contest at the event, or "you'll be owned." Kismet is a tool that can be used to detect and sniff wireless networks and the wardrive contest has Defcon attendees do just that. There are three unfixed, remotely exploitable vulnerabilities in Kismet that could let an attacker gain control over the victim's computer, according to the Shmoo Group.
A warning was also sent out about Metasploit, a tool that lets users check computers on networks and identify those vulnerable securtity flaws. Shmoo members found security problems in Metasploit, they said.