Friday, July 14, 2006

When They Said "Get It On eBay", I Doubt This Is What They Meant

The idea of using security exploits to make some cash certainly isn't anything new -- online extortion schemes have been fairly popular, even if script kiddies are killing the margins. But apparently discovering security vulnerabilities and selling them off to the highest bidder is a growth industry, according to one security firm, even being brazen enough to put them up on eBay. It's hardly surprising to see hackers and malware writers searching for some renumeration for their efforts, particularly with the explosion in phishing, identity theft and other potenially lucrative crimes, and their dependence on staying a step ahead of security companies. What's slightly more interesting, though, is that many security companies themselves are shelling out for the vulnerabilities, under the guise of the greater good, but really getting the information to give themselves a head start in closing the vulnerabilities, and enhancing their products and reputation. Economists love to talk about the value of incentives in motivating people to particular behavior -- perhaps giving malware authors incentives to turn their work over to software developers or security companies isn't such a bad idea.

source : http://techdirt.com/articles/20060714/116255.shtml

No comments: