Insecurity experts flog vulnerabilities

Market forces

By Nick Farrell

Fri Jul 06 2007, 09:30

HACKERS WHO discover a flaw in software are flogging them on a new auction site.

WabiSabiLabi says it wants to change the back-room market for security vulnerabilities and move it into the mainstream. An insecurity expert who finds a flaw can sell it on WSLabi's marketplace auction site here.

WSLabi, which says it is a "neutral, vendor-independent Swiss laboratory," checks out the vulnerabilities and verifies their validity before allowing them to be flogged.

On WabiSabiLabi today is a Linux kernel memory leak vulnerability which you can buy for 500 euros.

According to the site the current "ethical disclosure" policy followed by insecurity researchers is costing them cash. It is being used by vendors and security providers in order to exploit their efforts for free. WabiSabiLabi is reported on Dark Reading as saying it is giving cash back to the security industry.

More here. µ

Hackers break into Linux kernel home Gained root access and deployed Trojans Thursday, 1 September 2011, 12:31 PM Read more	Wordpress blogs are at risk Hole found in a popular third-party script Wednesday, 3 August 2011, 15:11 PM Read more
Researcher blasts Siemens over 'power plant hack' vulnerability He says the clock is ticking Tuesday, 24 May 2011, 16:25 PM Read more	Microsoft fixes Pwn2own Internet Explorer hole Along with 63 other software vulnerablities Wednesday, 13 April 2011, 11:14 AM Read more
McAfee is fixing security bugs on its website Insecurity firm is sweeping its own doorstep Tuesday, 29 March 2011, 14:40 PM Read more	Microsoft won’t patch Internet Explorer before hacking contest next week It’s pretty pointless anyway Friday, 4 March 2011, 12:07 PM Read more

< Previous article| Next article >

Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.

INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage

INQ Jobs

Business Development Manag

Business Development Manage...

INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?

Yes, companies should suffer an immediate death penalty upon being accused of copyright infringement.

Yes, the coppers said the company was breaking the law so it must be guilty.

No, the company and the people accused are innocent until proven guilty.

No, the company had millions of customers who have been harmed by having access to their data files cut off.

I don't care, I never used Megaupload anyway.

View other polls

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Salary Calculator

Search for a job:

Recruitment Agency A-Z Directory

Accreditations:

Digital Publisher of the Year 2010

Insecurity experts flog vulnerabilities

Share this:

RIM Playbook OS 2.0 and Blackberry 7.1 video demo

Nokia Lumia 710 video review