Re: Hackers - A Big Business
Come on now, surely some of you "whiz kids" can comment on this??
Re: Hackers - A Big Business
My only comment so far is that it's kind of funny to hear Google call anyone or any company "ethically challenged".
Also, the crime ring I've been documenting here:
http://www.realscam.com/f8/profit-ho...cam-spam-2227/
seems to own over 40,000 domain names, so if they were able to somehow get information from a $100,000/year subscription service, it seems like it would be chump change compared to what they're making from their spam/scam crimes.
Definitely an interesting and disturbing article.
Re: Hackers - A Big Business
Just saw this comment from the author of that article, which I also forgot to take into account in the previous reply:
Quote:
"Rune, Google does pay for exploits–as much as $3,133.70 typically and $60,000 in the Pwnium contest. But they can’t compete with the prices paid by buyers who use the exploits for offense rather than defense. Remember that the subscription fee I mentioned above doesn’t include the price of the exploits themselves."
Re: Hackers - A Big Business
I found it disturbing also and especially how they are making the money...
Quote:
Despite his talk about “transparency,” Bekrar won’t say much about his personal history or career prior to founding Vupen—not even his age. But Vupen is his third try at a startup focused on digging up software-security bugs. His previous companies, K-Otik and FrSIRT, made their bug findings public. Even after founding Vupen (whose name stands for “vulnerability research” and “penetration testing”) in 2008, Bekrar and his researchers initially worked with some software vendors to patch their flaws. But after taking $1.5 million in venture capital from 360 Capital Partners and Gant & Partners, Bekrar found that the firm could earn far more by keeping its findings under wraps and selling them at a premium.
Re: Hackers - A Big Business
I make no secret of the fact that I know nothing of hacking compared to those guys.
I can put a brick wall up or two to stop them though.
Jason
Re: Hackers - A Big Business
More on Chaouki Bekrar:
Doesn’t selling bugs to one customer leave everyone else exposed to their use? It’s not a question that Bekrar contemplates much. For him, bugs are a valuable commodity and if his company can command high prices for them, then he’s not interested in giving them away for free.
The unasked question in all of this is who exactly is buying those bugs from VUPEN. The answer, Bekrar says, is quite simple.
“We only sell to democracies. We respect international regulations, of course, and we only sell to trusted countries and trusted democracies,” he said. “We do not sell to oppressive countries.”
Bekrar considers his company to be a creation of the current environment in the security community and the state of regulations surrounding information security. The company is an outgrowth of the former FR-SIRT, Bekrar said, and in its former incarnation the group published advisories with full vulnerability details. But a change in French law a couple of years ago essentially outlawed that practice, Bekrar said, and so they were forced to stop issuing full disclosure advisories about their research.
Casting about for something to do with the team, Bekrar and his colleagues hit upon the idea of using their talents to make money through private bug sales. Such sales have been going on for a long time, but it wasn’t until fairly recently that they’d been done in an organized, relatively open fashion. For Bekrar, it was a no-brainer.
“We were forced to change. Before, we used to give full disclosure to the government and others and then the law changed and now we sell them,” Bekrar said.
In the shadowy world of bug and exploit sales, Bekrar is an oddity: someone willing to discuss his company’s activities openly. Most of the other companies and individuals who engage in these sales do so quietly and are quite hesitant to talk about any aspect of it, whether it be prices, customers or even whether they’re selling bugs. But Bekrar is unabashed about what he’s doing and therefore has no qualms about any of it. It’s just business, after all.
“Have you ever met someone as transparent as me in this?” he asked. “No. No one else is like this.”
Article
Re: Hackers - A Big Business
Hopefully DDoS protection can be improved.
Re: Hackers - A Big Business
Hello Mr. Kailo and welcome to RS.
It would be wonderful to have full protection from distributed denial-of-service attacks, and someone to volunteer to provide that kind of service would save a lot of downtime for RS.