When They Said "Get It On eBay", I Doubt This Is What They Meant
from the W32.this-space-for-rent.P@mm dept
The idea of using security exploits to make some cash certainly isn't anything new -- online extortion schemes have been fairly popular, even if script kiddies are killing the margins. But apparently discovering security vulnerabilities and selling them off to the highest bidder is a growth industry, according to one security firm, with some sellers even brazen enough to put them up on eBay. It's hardly surprising to see hackers and malware writers searching for some remuneration for their efforts, particularly with the explosion in phishing, identity theft and other potentially lucrative crimes, and their dependence on staying a step ahead of security companies. What's slightly more interesting, though, is that many security companies themselves are shelling out for the vulnerabilities, under the guise of the greater good, but really getting the information to give themselves a head start in closing the vulnerabilities, and enhancing their products and reputation. Economists love to talk about the value of incentives in motivating people to particular behavior -- perhaps giving malware authors incentives to turn their work over to software developers or security companies isn't such a bad idea.
Reader Comments
Re:
Re: Re:
Turn off anonymous comments and turn on registration and moderation.
Re: Re: Re:
Re: Re:
Oh yeah! I'm in for the 20th post!!!
Re: Re: Re:
Re: Re:
Re: Re:
Re: Re:
2. someone posts
3. first post gets deleted
4. goto 2
???
5. PROFIT!!!!
good idea
Profitability VS Responsibility
Re: Profitability VS Responsibility
That's the way (ah huh) I like it
I probably have $20,000 in free legal software now, and to me it makes better sense to help the companies than some stupid loser high school kids that do not get it.
Find the flaw and work with the business is the only way to do it right, plus you get better "street cred" than those idiots out there.
Re: That's the way (ah huh) I like it
It's Not Renumeration
1. The act of remunerating.
2. Something, such as a payment, that remunerates.
Re: It's Not Renumeration
Re: Re: It's Not Renumeration
http://www.wsu.edu/~brians/errors/remuneration.html
Re: It's Not Renumeration
The act of numbering something that has already been numbered.
not good...
This is just another incentive to CONTINUE their deplorable practice. Though I suppose it does keep a lot of people employed.
Re: not good...
Make secure code
Re: Make secure code
You may be a programmer, but have you ever created an OS? I would bet not... and I'd bet that you haven't had to create a program that runs on the majority of PCs worldwide. But I may be wrong; you may be some super intellect that is able to predict the future.
MS is easy to pick on simply because they are everywhere. They are everywhere because the majority of people think their product is better than the competition.
Re: Re: Make secure code
True. No one CARES that they don't have secure software, except people like me. That is because the majority of people are STUPID. (no offense stupid people)
Smart people like me care. If more people were smart, and therefore cared, MS couldn't get by with their bad software.
Catch Me if You Can
Leo's character forged checks, and the FBI was after him. Once they found him, they made him help detect bad checks, and develop ways to test new checks for vulnerabilities. It is quite nice to see someone "turn around" and hopefully crime will stop in the future. Here's to dreaming.
Re:
Re: Re:
Ok back on topic
Sounds like a new job to me! I agree, don't pay them but reward them with a copy of the software. Gets them using it and doesn't make an industry out of it.
Stop the MS bashing. I can show you time and again where *nix and MAC have security holes the size of MS campus. To sit and think for a moment that one OS is better than the next is retarded. ALL digital information that is secure can be hacked and all the same info that is not secure can be hacked. If you think your Linux is safe I will personally send you to sites dedicated to hacking *nix, as it's even easier to do. MAC = LINUX or WINDOWS so your last people who can speak now.
Re: Ok back on topic
As for the bashing, I have to agree with an earlier poster. Among other things I'm a system engineer and have designed and written my own OS, database servers, and application suites over the last three decades. While no one has found a bug or security hole to date, it sure wasn't easy, although coming from the mainframe world where zero defects is de rigueur sure helps. The design and mathematical validation easily took ten times longer than the actual coding and testing. So does the threat of federal time if you frag up {smile}. I do get to see the security notices march by day in and day out, naturally since systems security is one of my main foci these days. Windows is just a better target, so it gets most of the savaging. It also helps that the codebase for Linux is significantly smaller at the kernel level. Lastly, Windows incorporates a lot of applications into the OS that are not in Linux directly. Toss in Linux applications to the mix for vulnerabilities and the numbers get more comparable.
Actually I get damned tired of this "my OS is better than your OS, nah, nah" BS. All of them are weak, Windows, Linux, and Mac, when it comes to overall (OS and applications) security. If I tried to get away with this crap when I was working for the government somebody would have died and they'd be considering whether it would be life in prison without the possibility of parole or hanging.
Ever wonder why there are life/nuclear critical exclusions in so many operating systems and applications license agreements? Your bug, you go to prison.
Re: Re: Ok back on topic
Good idea
But definitely don't offer money but instead free copies of the software. That way they know they are using a secure product (because they are the ones testing it) and it builds trust with that developer.
Only problem is if it became public (out in the open on the net) that you're doing this then you would be treated as a narc.
nice
Re: to marks comment
that includes u
Cut off their hands
Well...
But all in all, this selling malware shit on e-Bay is fucked. I think these auctions should be shut down and the owner of the account IP banned. Even though IP bans really don't do much anymore with Proxies.
It would help if we would step across borders on t
It has gotten out of control though I do agree that some credit should go to those who find glitches and fix the problems someone may be having.
Reward those who find it and do not exploit it
Spelling....
yes we need to hold people accountable
If the punishment were anything less it would not be serious enough. However if Joe Script Kiddie or Bob Anonymous Hacker thought he was gonna fry for being a little bass turd would they be so willing to take their shot? Or would they find a new hobby or maybe get a real job ...
Did you change the headline of this article?
When They Said "Get It On eBay", I Doubt This Is What They Meant
I just thought it's kinda odd to see this changed without any note on the page...
Post 36
Re: Post 36
g
Is this a Joke?
"from the W32.this-space-for-rent.P@mm dept"
"from the W32.this-space-for-rent.P@mm dept"
oh noez, teh scriptoz kidde1s f0und us
About the sub headline. When new exploits are found most anti-virus software makers give the exploits a name. Something that reflects the OS that it targets... W32. Then the exploit name... this-space-for-rent. Then I think it's the version... P@mm (this would be P mutation or version or such).