I wrote a story on microprocessors once. Paper would have been better - The Evil Dr Spinola
ORGANISED criminals are bribing security experts and hackers to keep quiet about security vulnerabilities, according to IBM's security experts ISS.
The annual "X-Force" report shows that the number of security vulnerabilities is down by 5.4 per cent this year. This is the first time in ten years, but Biggish Blue experts warn that the web is not much safer.
Chris Rouland, ISS's chief technology officer, said the 2007 number would have been higher if not for the fact that organised crime is paying a bounty of up to $100,000 to computer whizzes who find such threats and shut up about them.
Software vendors are also buying the vulnerability information so that they can fix them without anyone noticing.
He said there was no way to tell how many security holes are going undocumented.
Proactive Pre-emptive Protection Plan ™

We Stop Problems Before
They Open Sauce YOU!

This act will not stand. We will find those who did it. We will smoke them out of their holes. We'll get them running and bring them to justice!

So we don't know whether Oracle's in a cave with the door shut, or a cave with the door open. We just don't know. But we know that if Oracle's determined to keep weapons of hack destruction, and determined to make more.


I'm wondering what kinds of skills are needed to find these vulnerabilities. I imagine they could be used for good and bad reasons. Maybe arrange a collection of about 20 people with these skills and have them find 20-30 vulnerabilities in OSX, Windows, and Linux, and then see which company (I'm using this term loosely since I'm including Linux) solves the problems fastest.

Honestly, the way to solve the problems with the vulnerabilities is for Linux to come up with a way to make the other two lose market share. How about closed source Linux games, with all the security measures open source?