HOME
Technology
Life
Discover science
Medicine - Health
Event
Entertainment'EBay Market' of the security hole wanted to 'bulge'
WabiSabiLabi is worrying public opinion, after officials of the company said they would "set up a trading platform" for all who wanted to sell the zero-day vulnerability they discovered for the high bidder. Best.
Nearly 2 months after the opening date, WabiSabiLabi advertises that they are doing very well, with more than 160,000 regular visitors. The company's plan now is: Expand.
" We are prepared to launch services on the sidelines, " said Chief Strategy Officer Roberto Preatoni. " We will open a series of security and communications services, including a completely new Intrusion Prevention / Detection system, based on a zero-day vulnerability database. WabiSabiLabi will also collaborate. with many other security businesses in the future ".
Problematic approach?
However, the problem is that not all security experts love the approach of WabiSabiLabi.
" I'm not a fan of that idea, " said Enterprise Strategy Group analyst Jon Oltsik. " Researchers often spend time digging holes for liking or for academic purposes. Meanwhile, this model turns that job into a flea market.
Imagine: If medical experts could sell their research in such a blameless way online, this would be a real nightmare for regulatory agencies . Too much space for bad guys to abuse ".
Source: BBC Reaction to this comment, Preatoni says he has a completely different perspective. " WabiSabiLabi does not encourage users to sell holes they discovered.
Instead, we offer a trading platform where security professionals can exchange their findings for a "legitimate prize".
"We do not trade holes on the floor. The winning bidder will receive a detailed, complete report describing the idea gap. It just proves that the gap is real, exists, right? not too useful for illegal purposes ".
Only benefit the seller?
Preatoni proved completely satisfied with the growth of WabiSabiLabi, when he received more than 150 vulnerabilities since the opening until now. Not all gaps are approved "on the floor". There were 40 vulnerabilities rejected because they were discovered by illegal techniques.
Currently, Microsoft Windows is still the "source" that provides the richest vulnerability with 51 holes. These vulnerabilities have been sold for many different prices, the lowest is 100 euros and the highest is 15,000 euros.
All participants, both sellers and buyers, must declare their identity to WabiSabiLabi. They will be provided with a nick when trading to protect their real names. Those who cannot pass this "filter" stage will not be allowed on the floor.
From another angle, David Aitel, Immunity's chief technology officer, said: "WabiSabiLabi just works for the seller."
" A large number of these vulnerabilities have been discovered and posted publicly by others before the auction ends. In the end, the buyer is a loser ."
In addition, pricing a zero-day vulnerability is also problematic. According to Aitel, this work should have been assigned to a third party for inspection, evaluation and validation. However, WabiSabiLabi did not do this.
Trong Cam
- eBay spent 310 million dollars to buy StubHub
- eBay 'East advance'
- PayPal and eBay tops the list
- eBay retreated from the Chinese market
- IBM acquired ISS, stepped into the security market
- EBay enhances online fraud protection
- How to post items on eBay
- 1,200 eBay accounts fall into the hands of hackers
- Skype blocked the security hole
- eBay implements contextual online advertising services
- Oracle suddenly revealed a security error
- eBay prohibits Google's Checkout service
What is the Snapdragon SiP chip?
How to create a yellow circle around the mouse cursor on Windows
Edit the Boot.ini file in Windows XP
3 ways to restart the remote computer via the Internet