Make Extra Money Online for Hackers?
I came across this story today about auctioning security loopholes found in software
Security researchers who find holes in software can now sell their findings to the highest bidder.
An online auction house has been created to bring together those who find the loopholes with the companies that can do something about them.
Looks like those of you who know a bit of programming can make extra money by finding those loopholes (*cough*Microsoft*cough*).
The independent auction house, called WabiSabiLabi, aims to staunch the flow of vulnerabilities to the underground by giving security researchers a legitimate marketplace for what they find.
So in other words, instead of giving out the information to other hackers, it would be better to sell it legitimately to this auction house.
Hmm I don’t know about you, but by selling it to the auction house, aren’t you just letting yourself become one of the suspects if the software got hacked one day? Maybe that’s the hidden agenda behind this scheme? If I’m the person behind this auction house, I would certainly record all the data of the so-called researchers. Who knows they are just another hacker who try to appear innocent? Even if they’re not, I would take them as the prime suspects since they already know the vulnerabilities of the software.
If I’m one of the security researchers, I’m not sure I would participate in this scheme. It’s too risky. Maybe the FBI are watching all the transactions. Yeah I might sound a bit paranoid, but good people being falsely convicted happens a lot these days, so why risk it?
I’m not against this but I think it’s better for software companies to employ skillful people to analyze their softwares, instead of doing this kind of stuff. Or maybe that’s the plan all along, to make it easier to catch hackers?
If you enjoyed this post, please consider to leave a comment or subscribe to the feed and get future articles delivered to your feed reader.
Comments
No comments yet.
Leave a comment