It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Computer Security Companies Boosting Internet Attacks
page: 10
share:
As most of you people might be aware of, the computer security market is growing in a fast phase. Full-disclosure of security vulnerabilities are done
by big security companies, to protect the financial world, the national infrastructure et cetera.
Security companies are, by almost everyone, portraited as the good guys. The fact though is, because of their full-disclosure of security vulnerabilities, people are able to program so called exploits, in order to gain access to computer systems. The security industry provides people, which are on the "dark side of the moon", with information in a rapid phase. Thus, this information is released for everyone to see. They do the research for the "bad guys".
What does this matter? Well, because of this rate of access, more and more people with almost no knowledge are able to attack companies et cetera. This means, an increased rate of attacks, and an increased rate of attacks gives what? Correct, more money to the security industry.
So, this is almost like releasing a virus, then fix your own virus and make money while doing it.
[edit on 1-2-2005 by StarLight]
Security companies are, by almost everyone, portraited as the good guys. The fact though is, because of their full-disclosure of security vulnerabilities, people are able to program so called exploits, in order to gain access to computer systems. The security industry provides people, which are on the "dark side of the moon", with information in a rapid phase. Thus, this information is released for everyone to see. They do the research for the "bad guys".
What does this matter? Well, because of this rate of access, more and more people with almost no knowledge are able to attack companies et cetera. This means, an increased rate of attacks, and an increased rate of attacks gives what? Correct, more money to the security industry.
So, this is almost like releasing a virus, then fix your own virus and make money while doing it.
[edit on 1-2-2005 by StarLight]
The more legit securityfirms like symantec and MCafee should start handing out certificates to security firms that comply to ethic behaviour . like
not immediately publicating source code, but giving the targeted softwarecompany time to release a patch......
[edit on 1-2-2005 by Countermeasures]
[edit on 1-2-2005 by Countermeasures]
Its both sides of the hacking community that brings the holes to light, whitehats find holes and bugs as a hobby and are friendly enough to immediatly
publisize their findings, so that software company's and security firms can fix the problems, in some cases, Whitehats even give suggestions or full
code on how to fix the problem.
Blackhats post their findings on hackers sites and share their findings with eachother so that they can boast about it or sometimes because they know that some hacker is looking for a specific way to get past a part of a system, for a project he is currently working on.
Rarely its a security company that finds a bug or vulnerability, very rarely, heck, why would they, surfing the hackers sites and getting all the info they need to run their bussines totaly free is so much easyer.
The only thing the security company's do is exploit the situation and plug holes they have been made aware of by the hackers and sell software and hardware to help shield exploitable systems from the open net.
Blackhats post their findings on hackers sites and share their findings with eachother so that they can boast about it or sometimes because they know that some hacker is looking for a specific way to get past a part of a system, for a project he is currently working on.
Rarely its a security company that finds a bug or vulnerability, very rarely, heck, why would they, surfing the hackers sites and getting all the info they need to run their bussines totaly free is so much easyer.
The only thing the security company's do is exploit the situation and plug holes they have been made aware of by the hackers and sell software and hardware to help shield exploitable systems from the open net.
Originally posted by thematrix
Its both sides of the hacking community that brings the holes to light, whitehats find holes and bugs as a hobby and are friendly enough to immediatly publisize their findings, so that software company's and security firms can fix the problems, in some cases, Whitehats even give suggestions or full code on how to fix the problem.
Blackhats post their findings on hackers sites and share their findings with eachother so that they can boast about it or sometimes because they know that some hacker is looking for a specific way to get past a part of a system, for a project he is currently working on.
Rarely its a security company that finds a bug or vulnerability, very rarely, heck, why would they, surfing the hackers sites and getting all the info they need to run their bussines totaly free is so much easyer.
The only thing the security company's do is exploit the situation and plug holes they have been made aware of by the hackers and sell software and hardware to help shield exploitable systems from the open net.
100% agree... said much better than i could've!!
I worked for a network security firm at one point, mcafee specifically. They find most of their security holes by surfing hacker and exploit sites,
not only that but to my knowledge they do always notify the software provider before they release information to the general public.
Yes, well, I have a friend at iDEFENSE and what I've seen, they have their own research team which focuses on exploiting computer software. They have
also bought information from the "dark side".
Can't say, but to me it just seems as if we'd have fewer attacks if full-disclosures weren't to much full-disclosure. Some of my friends read the full-disclosures from the security community and code exploits afterward. That's how many of them work. Afterwards the exploits are released and individuals without deeper knowledge execute them and gain access, more or less.
Can't say, but to me it just seems as if we'd have fewer attacks if full-disclosures weren't to much full-disclosure. Some of my friends read the full-disclosures from the security community and code exploits afterward. That's how many of them work. Afterwards the exploits are released and individuals without deeper knowledge execute them and gain access, more or less.
new topics
-
Smartest Man in the World Tells His Theory About What Happens At Death
Philosophy and Metaphysics: 1 hours ago -
Covid....... Again.
Diseases and Pandemics: 3 hours ago -
US Federal Funding set to Expire December 20th. Massive CR on the way.
Mainstream News: 4 hours ago -
and14263 New Account Not the Same Old Me
Introductions: 5 hours ago
top topics
-
Covid....... Again.
Diseases and Pandemics: 3 hours ago, 9 flags -
US Federal Funding set to Expire December 20th. Massive CR on the way.
Mainstream News: 4 hours ago, 7 flags -
The truth lets admit it
Aliens and UFOs: 17 hours ago, 6 flags -
Just spotted an unusual aircraft Melbourne Australia
Aliens and UFOs: 12 hours ago, 6 flags -
Smartest Man in the World Tells His Theory About What Happens At Death
Philosophy and Metaphysics: 1 hours ago, 6 flags -
and14263 New Account Not the Same Old Me
Introductions: 5 hours ago, 2 flags
0