Friday, July 6, 2007

Bid for IT vulnerabilities

Have you discovered a new vulnerability in some software or OS? From now on you can sell your "discovery" on an auction site dedicated to IT vulnerabilities. The prices are pretty high: 500 for a local Linux exploit and 2000 for a Yahoo Messenger 8.1 remote exploit (which requires some user interaction anyway).

The creators of this auction site are trying to justify their idea:

"The system introduced by 'ethical disclosure' has been historically abused by both vendors and security providers in order to exploit the work of security researchers for free"

"Nobody in the pharmaceutical industry is blackmailing researchers (or the companies that are financing the research) to force them to release the results for free under an ethical disclosure policy."

In my opinion it is a "brilliant" idea, but it is very possible that they will have problems with the law, because some states don't allow any interaction with this kind of software.

I think pretty soon they will become the victims of their idea :). Why? Because someone can buy a newly discovered "vulnerability" and attack them :).