At Defcon in Las Vegas last month, word rapidly spread that two speakers—members of Salesforce's internal "red team"—had been fired by a senior executive from Salesforce "as they left the stage." Those two speakers, who presented under their Twitter handles, were Josh "FuzzyNop" Schwartz, Salesforce's director of offensive security, and John Cramb, a senior offensive security engineer.
Schwartz and Cramb were presenting the details of their tool, called Meatpistol. It's a "modular malware implant framework" similar in intent to the Metasploit toolkit used by many penetration testers, except that Meatpistol is not a library of common exploits, and it is not intended for penetration testing. The tool was anticipated to be released as open source at the time of the presentation, but Salesforce has held back the code.
[...] Schwartz had reportedly gotten prior approval to speak at Defcon from Salesforce management, and he was working toward getting approval to open-source Meatpistol (which is currently in a very rough "alpha" state but was at use internally at Salesforce). But at the last moment, Salesforce's management team had a change of heart, and it was trying to get the talk pulled. As ZDNet's Zach Whittaker reports, a Salesforce executive sent a text message to Schwartz and Cramb an hour before their scheduled talk, telling the pair not to announce the public release of the code.
[...] A Salesforce spokesperson contacted by Ars would not comment, stating, "We don't comment on matters involving individual employees."
Source: Ars Technica
Also at ZDNet and The Register
(Score: 2) by frojack on Saturday August 12 2017, @01:31AM (1 child)
Me: Fetching popcorn, waiting for the source code leak.
Likelyhood of these guys not having current copies tucked away on servers beyond reach seems vanishingly small.
That Salesforce has such hacking tools in active development can't be good for their image. (Other than their principal market is salesmen who we all know would never have a use for such things.)
No, you are mistaken. I've always had this sig.
(Score: 2) by kaszz on Saturday August 12 2017, @06:38AM
Doesn't matter if they have copies. It's the right to use the code or release it that will matter, unless they move to Russia..