Shurely Shome Mishtake
..."lightly killed" frog, surely?
Exploit broker aims marketing machine at Unix app crack
WabiSabiLabi, which bills itself as the eBay of software vulnerabilities, has borrowed a page from used car salesmen, except instead of talking up their affordable rates and low down payments, the outfit is championing the sale of a nasty sounding exploit that puts Unix boxes at risk. The vulnerability resides in ClamAV, an open …
This topic is closed for new posts.
you need to have a product
Apparently no one cares about a Clam AV vulnerability, try selling something people can get excited about like a remotely exploitable Vista/IE7 attack those are always great for business.Make it even better add a .net component and charge the same low low price.Reminds me of real dead crunchy frog.
Interesting Moral Dilemma
So they've rejected some submissions because the discoverer reverse-engineered the code. This doesn't make the vulnerability go away, and doesn't stop someone who wants to exploit it from also reverse-engineering the code (such people won't be too worried about the legality of doing so). Also, no doubt the immediate response from the company that wrote the software would be to sue the discoverer and anyone else their lawyers could think of for trying to make money from it instead of fixing the code, so the rest of the user base would still be vulnerable.
more profitable
Surely the best approach to finding a "remotely exploitable Vista/IE7" would be to write a fix, then patent it. Then you could simply hold M$ to ransom.
Who honestly runs AV on their UNIX systems anyway ??
The exploit would be honestly concerning if anyone actually ran the product.
If you conducted a straw poll of Ubuntu/SuSE/Fedora users if they 'honestly' ran AntiVirus software, the answer would be ???
Making the xploit worth ?
** I've added Paris Hilton as the ICON, because she's really smart with all IT related issues - an inspiration to all.
I'm pretty sure...
...that the Clam AV team would have patched the vuln by now?
@Paul Brain - I run AV on UNIX
Paul, you've not considered that Clam AV is often used to scan emails that will be read by clients on Windows machines. Clam doesn't just scan for UNIX-targetted viruses, y'know.
Ownership?
Perhaps WabiSabiLabi would have better luck selling their vulnerabilities if there was some sort of copyright enforcement mechanism to ensure that once you bought the item, you'd be the only one to own it.
VxDRM might be one solution. Hardware dongles for virus writing kits could be another.
This topic is closed for new posts.
Sign up, sign up for The Register's weekly IT security newsletter - click here
Popular Whitepapers
- Linux on the Desktop
Lessons from mainstream business adoption - The Register Guide to iSCSI
A primer on Internet SCSI, a protocol to transport SCSI commands over IP - The BI Inflexion Point
Information is a right, not a privilege - The Evolving Security Landscape
Reg Webinar - The Register Guide to email security
A primer on the challenges of securing email and approaches to resolving them - The Register's Green Computing Debate
An on-demand webcast
