Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43424
  • Total Topics: 16521
  • Online today: 2702
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 1
Guests: 2702
Total: 2703









Author Topic: Auctions for Hackers - WabiSabiLabi site sells vulnerabilities  (Read 3440 times)

0 Members and 1 Guest are viewing this topic.

Amker

  • SCF Global Moderator
  • *****
  • Posts: 1076
  • KARMA: 22
  • Gender: Male
    • SCforum.info
This is a site where security researchers auction their most recent disclosures. Is this right? Sure, it's great that these guys are finally getting some dough for all their work, but what if these flaws are bought out by hackers that will never disclose them to the original program/site creators? I don't think that's too good, well... let's just think about it, if you were to buy such a vulnerability for, let's say $75-100.000 would you 
give it to the vendor? Or would you make a profit out of it?  Of course you wouldn't give it to the vendor, that's
stupid! That would mean throwing your money out the window!

The system is similar to eBay's. You have to create an account, that will be checked in order for them to discover whether you're a malicious user or not. (I really wonder how they do that since most hackers know how to stay stealthy) After that, you can participate in any auction, and, of course, the discovery goes to the highest bidder.

As I've seen on NetworkWorld, there are several good things about this, though, for example, not everyone will know about the vulnerabilities but only one person. So, if he or she has no evil intentions, flaws can be fixed before hackers can get hold of them. Also, this will increase the value of vulnerabilities earning researchers more money.

A similar service was conducted by eBay some time ago, but they decided to withdraw it, because it was considered to be dangerous for Internet security. There has been a poll about this and 88 percent of the people that were questioned have responded that they consider such sites a threat, as NetworkWorld informs. In my opinion, this type of site can be great, if used adequately.
cw
# Online Anti-Malware Scanners: http://scforum.info/index.php/topic,734.0.html

Samker's Computer Forum - SCforum.info


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023