Security vuln auction site pulls in research
Back to the articleYeah...right! #
Posted Friday 12th October 2007 21:22 GMT
...cause as we all know, the bad guys would never have any money to buy these or have false identities/shell companies with stolen information to purchase vulns with. and $10k? I bet some of the larger spam ops pull that in about an hour.
Here is a question, what if a windows vuln was purchased by bad guys, using fraudulent info and a stolen credit card, and the purchased vuln was then used to exploit windows users and steal more creit card numbers? Like a snake eating itself.
I personally think making vulns a commodity only creates a more harmful environment. Only crappy security vendors buy these and then write signatures to catch one variant of the exploit. What a world.
Illegal Methodology #
Posted Saturday 13th October 2007 01:02 GMT
Reverse engineering illegal? First that I've heard of it!
If the aim is to direct vulnerability research to the good, it also seems to be an odd decision to make. The good guys can't use the same tools? Daft!
Sign up, sign up for The Register's weekly IT security newsletter - click here
Popular Whitepapers
- Thermal design of the Dell PowerEdge T610, R610, and R710 servers
Monolithic thermal design overview - Seven ways to lower storage costs
Using a highly integrated, feature-rich data storage solution - Hosted CRM Can Be Your Secret Weapon to Success!
Hosted CRM comparison guide - Enterprise PBX buyer's guide
Access to expert research on all aspects of the IP PBX market - 10 Strategies for Choosing a Midmarket ERP Solution
Find out how to use the changing ERP market to your advantage - Best practices for optimizing performance and availability in virtual infrastructures
Solutions for the complete physical and virtualized IT infrastructure
