[Home] [The Vaults] [Glossary] [Donate] [Sponsors] [Affiliates]
[Calendar] Mark Forums Read [VIP Chat] [Register] [Activate] [Resend Email]

General Discussions Unsure where to post ? Start here...


Welcome to the Mycotopia Web Forums
Membership Status -> Guest

Welcome to the Mycotopia Web Forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features.

Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact contact us.

  • Before you [register] please verify your email account is valid and can accept email. All accounts require email activation.
  • You must [register] in order to access advanced community features.
  • Your account must be activated. If you need to activate your account manually, click [here]
  • If you need the activation email sent to you again, click [here]
  • Your account must be reviewed and approved by an Administrator before you may post. This usually takes less than 24-Hours.
  • To start viewing messages, select the forum that you want to visit from the selection below.
    		•


    Go Back   Mycotopia Web Forums > Board Discussions > General Discussions
    Reload this Page Online auction for security bugs

    Reply
     
    		Thread Tools Display Modes
    Old 07-09-07, 02:23   #1 (permalink)
    Mycophage
     
    bluefungis182's Avatar
     
    Join Date: Nov 2006
    Posts: 129
    Online auction for security bugs
    Security researchers who find holes in software can now sell their findings to the highest bidder.
    An online auction house has been created to bring together those who find the loopholes with the companies that can do something about them.
    It aims to close the gap between the small number of bugs investigated and the huge number thought to exist.
    By rewarding researchers, the auction house aims to prevent flaws getting in to the hands of hi-tech criminals.
    Hard cash
    Many malicious and criminal hackers rely on loopholes in widely used software, usually Windows, to get access to the valuable information on users PCs.
    There is known to be a ready market for these vulnerabilities on the digital underground and significant sums of money can be made by selling them.
    In early 2006 anti-virus firm Kaspersky Labs revealed that Russian hackers had been selling the Windows WMF vulnerability for $4000 (£2,000).
    The loophole was offered for sale weeks before it was widely known about and long before Microsoft moved to close it.
    Many criminal groups prefer to use vulnerabilities for their own ends to steal information or hijack computers rather than have any and every malicious hacker using them.
    The independent auction house, called WabiSabiLabi, aims to staunch the flow of vulnerabilities to the underground by giving security researchers a legitimate marketplace for what they find.
    "Our intention is that the marketplace facility on WSLabi will enable security researchers to get a fair price for their findings and ensure that they will no longer be forced to give them away for free or sell them to cyber-criminals," said Herman Zampariolo, head of the auction site.
    He added that it could tempt many researchers to report findings they would otherwise keep quiet about. In this way it hopes to ensure many more vulnerabilities get reported.
    "Very few of them are able or willing to report it to the 'right' people due to the fear of being exploited," said Mr Zampariolo.
    Once a vulnerability is reported, WSLabi will confirm it is real and that it can be exploited. After this it will be placed on the auction site where it can be sold to the highest bidder or sold to just one firm.
    WSLabi said it would ensure that all those who buy the vulnerabilities were legitimate.
    The first vulnerabilities posted to WSLabi are selling for between 500 (£340) and 2000 (£1,350) euros.
    Many other companies, such as iDefense and Tipping Point, run schemes that give cash rewards to security researchers who find serious loopholes in widely used software.
    The Mozilla Foundation, which oversees development of the Firefox browser amongst other things, gives a t-shirt and a $500 (£250) bug bounty to anyone finding a critical vulnerability in its software.
    bluefungis182 is offline   Reply With Quote
    Old 07-09-07, 10:45   #2 (permalink)
    ia ia cthulhu f'thagn
     
    jay-pheno's Avatar
     
    Join Date: Nov 2006
    Posts: 90
    the sad thing is for the right kinda bug the spammers will pay more !
    jay-pheno is offline   Reply With Quote
    Old 07-09-07, 12:27   #3 (permalink)
    KEY MASTER
     
    CoyoteMesc's Avatar
     
    Join Date: Jan 2007
    Posts: 3,501
    the dark side always pay more...lol
    __________________
    CoyoteMesc is offline   Reply With Quote
    Reply

    « (Previous Thread) please allow me to (re)introduce myself | yo to every1 (Next Thread) »


    Similar Threads
    Thread Thread Starter Forum Replies Last Post
    The PC Full Auto Greenhouse Build Tek TheJackal Grow Chambers & Clean Rooms [terrariums] 70 05-27-07 15:31
    bugs in my grain! Leary's Ghost Fungi: Growing Edible Medicinal & Magic Mushrooms 10 01-17-07 11:44
    Help the Topia Print Auction SharkieJones Contests & Calendar Events 18 10-02-06 20:37
    Auction: Huge Redboy Print boots420 Contests & Calendar Events 35 08-30-06 12:50
    Bugs, thousands of em rocketman General Discussions 37 04-20-06 14:25

    [The Vaults] [VIP Chat] [Calendar] [Donate] [Sponsors] [Page Top] [Register]
    Thread Tools
    Display Modes
    Linear Mode Linear Mode

    Posting Rules
    You may not post new threads
    You may not post replies
    You may not post attachments
    You may not edit your posts
    vB code is On
    Smilies are On
    [IMG] code is On
    HTML code is On
    Trackbacks are Off
    Pingbacks are Off
    Refbacks are Off

    [Contact Us] - [Forums Home] - [Text-Only Version] - [Page Top]
     


    All times are GMT -5. The time now is 05:16.


    DISCLAIMER: These are files from Usenet, the world Wide Web, and other sources which were found especially interesting or informative. Please do not assume we are the authors of any files found at this site. Neither the server,owners, maintainers nor any contributors can be held liable in any way for any information and/or data made available, or omitted, from information distributed through this server. All of the material may - or may not - have been checked for accuracy or completeness or its abiltiy to offend some individuals. All material is supplied "AS IS" without warranty of quality or accuracy of any kind. The entire risk as to the quality and/or accuracy of the information on this server is with you. Should any such material, information, etc prove to offend you or be inaccurate or in any way defective, you (and not the server owners, maintainers, or any contrubutors) assume the risk of viewing or relying on such material, including any consequential damages. Under no circumstances will the server owners, maintainers, or any contributors be liable for any damages from your viewing or reliance upon anything derived from this server even if the server maintainers have been advised that such defect or unsuitability exists. The server maintainers and contributors disclaim all liability to you for damages, costs and expenses, including legal fees, and YOU HAVE NO REMEDIES FOR NEGLIGENCE OR UNDER STRICT LIABILITY, OR FOR BREACH OF WARRANTY OR CONTRACT, INCLUDING BUT NOT LIMITED TO INDIRECT, CONSEQUENTIAL, PUNITIVE OR INCIDENTAL DAMAGES, EVEN IF YOU GIVE NOTICE OF THE POSSIBILITY OF SUCH DAMAGES. You will indemnify and hold the server maintainers and contributors harmless from all liability, cost and expense, including legal fees, that arise directly or indirectly from any of the following that you do or cause: 1. distribution of this information from this server, 2. alteration, modification, or addition to the information from this server. By your use of this site, you agree to hold harmless the the server maintainers and its contributors against ANY AND ALL CLAIMS arising out of said use , regardless of the cause, effects, or fault. All posts, once made, become the property of www.mycotopia.net.

    FAIR USE NOTICE: These pages may contain copyrighted material the use of which may not been specifically authorized by the copyright owner. This website distributes this material without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. We believe this constitutes a fair use of any such copyrighted material as provided for in 17 U.S.C § 107.

    Any attempt by anyone, registered member or otherwise, to attack, defame, slander, hack, or misuse any service provided by Mycotopia, Mycrotopia, or any domain with regards to this site or it's owners shall be terminated, blocked, banned, or otherwise disabled from using the services provided herein. The owners of Mycotopia Web Forums reserve the right to remove, edit, move or close any thread for any reason at any time.

    By accessing this site you agree and accept these terms.
    You also certify that you are of legal age in your local community and will conduct yourself according to its laws.

    These files are provided FOR INFORMATION ONLY

    Powered by vBulletin® Version 3.6.11
    Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
    Content Relevant URLs by vBSEO 3.1.0


    All trademarks are © their respective owners, all other content is © Mycotopia 2000/2008
    Site Designed and Hosted By | Zen Media Services




    [Output: 52.40 Kb. compressed to 49.68 Kb. by saving 2.71 Kb. (5.18%)]