Well of course they do
If you disclose a security hole you risk getting sued by the company; at best you get a tiny bit of reputation.
If you sell the security hole on the black market you get real money.
Hackers exploit security vulnerabilities in software for 10 months on average before details of the holes surface in public, according to a new study. Researchers from Symantec reckon that these zero-day attacks, so called because they are launched well before vendors are even aware of the vulnerabilities, are more prevalent …
Here's the simple truth. Anti-Viruses and ever growing black-lists are an anathema to security.
Symantec's whole business model of selling subscriptions for black-lists to corporations is based on the ignorance of millions.
If you really want security, ditch your fundamentally unsecure infrastructure and black-lists. As a bonus, your computers will get much faster too. Indeed, "anti-virus" variants are the biggest viruses ever invented.
"Anti-Viruses and ever growing black-lists are an anathema to security. ... If you really want security, ditch your fundamentally unsecure infrastructure and black-lists."
Essentially, your solution is to rely on security by obscurity and isolating all machines from any network connection. Is that it?
The scale of hats worn...
Whitehats --- software vendors or usually 'professionals' within the electronics security industry that usually do it for commercial or financial profit and get the "big credit".
Greyhats --- The people that research this stuff to find and create fixes for self purposes/non-commercial purposes or to 'rarely' alert software vendors/professionals of the blackhat's advances, usually absent of financial profit and at most risk for disclosure liability, but plenty of technical knowledge and usually not short of blackhat contacts or where to find such, yet do not pose any threat to man or dog, else they'd be a "blackhat".
Blackhats --- Of course usually crackers, who sit there trying to figure out how to break into systems, usually targeted attacks against particular infrastructures/applications which they "emulate", sometimes at the request for commercial or financial profit, and sometimes the means could be illegal.
I don't see what's new, complex or surprising about this? Have Symantec just woken up from the medieval ages or just stumbled upon a lucky 'find' or 'treasure trail' which no doubt the blackhats would soon get wind and disperse?
There are certainly vulnerabilities where the blackhats simply know about a vulnerability WELL before anyone else. But, this is also the best reason NOT to follow the so-called "responsible" disclosure -- companies will SIT on a vulnerability, sometimes for years. In other words (other than the whitehat and someone or other at the company), the hackers know about the vuln while world+dog does not.
It won't change until people stop being stupid shitheads.
The laws must change. Until those middle age witch searchers will punish hackers - it is easier to fuck things up, than to fix!
I keep fixing vulnerable SOHO routers, but stupid people keep threatening me, writing to the police about me. People are stupid, degenerate shitheads, with down syndrome. That is a fact.