Eye-catching streaming video courtesy of iDefense. In the past, iDefense got a lot of publicity due to their outstanding cyber intelligence capabilities, and quality reports among which my favorite is the one providing a complete coverage of the China vs U.S cyberwar due to the captured AWACS in case you remember. VeriSign, perhaps the last vendor you would think of, purchased the company with the idea to diversify its portfolio of services and further expand their market propositions, if critical infrastructure is what they manage, an IDS signature when there's no patch available and wouldn't be not even next Patch Tuesday, is invaluable and proactive approach for protecting a company's assets. Recently, iDefense offered another bounty on zero day vulnerabilities in Vista and IE7, but considering that Windows Vista is still not adopted on a large corporate and end user scale the way XP is, therefore a zero day exploit for Windows XP must have a higher valuation then a Windows Vista one. Proving Vista is insecure and iDefense taking the credit for it though, is a strategic business move rather then a move aiming to improve the overal security of their customers -- if only could iDefense purchase all the exploits from Month of the X Bugs initiatives. Moreover, a Vista zero day exploit was available for sale. Feel the hypo-meter about to explode. Think malicious attackers. Would someone pay $50,000 for an exploit of an OS whose adoption by corporate and home users is continuing to sparkle debates, while an IE6 zero days are offered in between $1000-2000?In the time of blogging, there're numerous zero day vulnerabilities for sale out there, the way this commercialization of vulnerability research directly created the -- thankfully -- stil not centralized underground market for vulnerabilities by adding more value to what's a commodity from my point of view. Here's a complete coverage on how the WMF vulnerability got purchased for $4000 in case you want to deepen your knowledge into the topic.
No comments:
Post a Comment