It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Computer Security Companies Boosting Internet Attacks

page: 1
0

log in

join
share:

posted on Feb, 1 2005 @ 03:57 AM
link   
As most of you people might be aware of, the computer security market is growing in a fast phase. Full-disclosure of security vulnerabilities are done by big security companies, to protect the financial world, the national infrastructure et cetera.

Security companies are, by almost everyone, portraited as the good guys. The fact though is, because of their full-disclosure of security vulnerabilities, people are able to program so called exploits, in order to gain access to computer systems. The security industry provides people, which are on the "dark side of the moon", with information in a rapid phase. Thus, this information is released for everyone to see. They do the research for the "bad guys".

What does this matter? Well, because of this rate of access, more and more people with almost no knowledge are able to attack companies et cetera. This means, an increased rate of attacks, and an increased rate of attacks gives what? Correct, more money to the security industry.

So, this is almost like releasing a virus, then fix your own virus and make money while doing it.

[edit on 1-2-2005 by StarLight]




posted on Feb, 1 2005 @ 04:47 AM
link   
The more legit securityfirms like symantec and MCafee should start handing out certificates to security firms that comply to ethic behaviour . like not immediately publicating source code, but giving the targeted softwarecompany time to release a patch......


[edit on 1-2-2005 by Countermeasures]



posted on Feb, 1 2005 @ 05:38 AM
link   
Its both sides of the hacking community that brings the holes to light, whitehats find holes and bugs as a hobby and are friendly enough to immediatly publisize their findings, so that software company's and security firms can fix the problems, in some cases, Whitehats even give suggestions or full code on how to fix the problem.

Blackhats post their findings on hackers sites and share their findings with eachother so that they can boast about it or sometimes because they know that some hacker is looking for a specific way to get past a part of a system, for a project he is currently working on.

Rarely its a security company that finds a bug or vulnerability, very rarely, heck, why would they, surfing the hackers sites and getting all the info they need to run their bussines totaly free is so much easyer.

The only thing the security company's do is exploit the situation and plug holes they have been made aware of by the hackers and sell software and hardware to help shield exploitable systems from the open net.



posted on Feb, 1 2005 @ 11:05 AM
link   

Originally posted by thematrix
Its both sides of the hacking community that brings the holes to light, whitehats find holes and bugs as a hobby and are friendly enough to immediatly publisize their findings, so that software company's and security firms can fix the problems, in some cases, Whitehats even give suggestions or full code on how to fix the problem.

Blackhats post their findings on hackers sites and share their findings with eachother so that they can boast about it or sometimes because they know that some hacker is looking for a specific way to get past a part of a system, for a project he is currently working on.

Rarely its a security company that finds a bug or vulnerability, very rarely, heck, why would they, surfing the hackers sites and getting all the info they need to run their bussines totaly free is so much easyer.

The only thing the security company's do is exploit the situation and plug holes they have been made aware of by the hackers and sell software and hardware to help shield exploitable systems from the open net.


100% agree... said much better than i could've!!



posted on Feb, 1 2005 @ 01:48 PM
link   
I worked for a network security firm at one point, mcafee specifically. They find most of their security holes by surfing hacker and exploit sites, not only that but to my knowledge they do always notify the software provider before they release information to the general public.



posted on Feb, 1 2005 @ 03:34 PM
link   
Yes, well, I have a friend at iDEFENSE and what I've seen, they have their own research team which focuses on exploiting computer software. They have also bought information from the "dark side".

Can't say, but to me it just seems as if we'd have fewer attacks if full-disclosures weren't to much full-disclosure. Some of my friends read the full-disclosures from the security community and code exploits afterward. That's how many of them work. Afterwards the exploits are released and individuals without deeper knowledge execute them and gain access, more or less.



new topics

top topics
 
0

log in

join