Security vuln auction site pulls in research
A controversial marketplace for security exploits and vulnerabilities said it has exceeded expectations with the submission of more than 150 vulnerabilities in its first two months of operations. WabiSabiLabi encourages security researchers to sell their findings to vetted buyers. Herman Zampariolo, chief exec of WSLabi which …
Yeah...right!
...cause as we all know, the bad guys would never have any money to buy these or have false identities/shell companies with stolen information to purchase vulns with. and $10k? I bet some of the larger spam ops pull that in about an hour.
Here is a question, what if a windows vuln was purchased by bad guys, using fraudulent info and a stolen credit card, and the purchased vuln was then used to exploit windows users and steal more creit card numbers? Like a snake eating itself.
I personally think making vulns a commodity only creates a more harmful environment. Only crappy security vendors buy these and then write signatures to catch one variant of the exploit. What a world.
Illegal Methodology
Reverse engineering illegal? First that I've heard of it!
If the aim is to direct vulnerability research to the good, it also seems to be an odd decision to make. The good guys can't use the same tools? Daft!
Sign up, sign up for The Register's weekly IT security newsletter - click here
Popular Whitepapers
- Linux on the Desktop
Lessons from mainstream business adoption - The Register Guide to iSCSI
A primer on Internet SCSI, a protocol to transport SCSI commands over IP - The BI Inflexion Point
Information is a right, not a privilege - The Evolving Security Landscape
Reg Webinar - The Register Guide to email security
A primer on the challenges of securing email and approaches to resolving them - The Register's Green Computing Debate
An on-demand webcast
