WHITE PAPERS SPONSORED PROFILES JOB BOARD WEBINAR CENTER FREE SOFTWARE BZ RESEARCH ALMSHAREPOINT EVENTS CALENDAR PRINT/PDF EDITION PRINT/PDF BACK ISSUES

SUBSCRIBE TODAY CUSTOMER SERVICE EDITORIAL CALENDAR EDITORIAL BEATS GUEST VIEW GUIDE SD TIMES 100 GUIDE EVENTS CALENDAR ADVERTISING ARTICLE REPRINTS REPORT A BUG SITE MAP

ABOUT US BZ MEDIA NEWS BZ RESEARCH NEWS ON MONDAY SPTECHREPORT SPTECHWEB SPTECHCON IPHONE/IPAD DEVCON ANDROID DEVCON PRIVACY POLICY CONTACT US

HOME >> LATEST NEWS

Outrunning the Bears

In-house hackers help Web sites stay steps ahead by finding vulnerabilities before they are exploited

By Jeff Feinman

July 1, 2007 — (Page 1 of 3)
The term “hackers” does not merely represent the villains that break into Web sites to do malicious things and steal important information. There are the white knights of the hacker society as well, scanning Web sites and conducting penetration tests to find vulnerabilities. Ethical hacking has become a security tool, as organizations seek out their vulnerabilities before the wrong sets of eyes find them.

BUGS FOR SALE
A developer for the open source Metasploit project, a computer security project that provides help and tooling for penetration testing, said that hackers are starting to sell the vulnerabilities they find because bugs are getting harder to find. The developer, who asked to be referred to only as Pusscat, said sale prices depend on what the bug is.

Pusscat and other developers contribute exploit code to Metasploit on an ad hoc basis. Exploit code is code that takes advantage of a software vulnerability to subvert some security mechanism, most usually to execute arbitrary code on the system within the context of that process.

“There’s a lot of time and effort that goes into finding [vulnerabilities], and even more that goes into exploiting them,” Pusscat said. “It’s basically free work you’re giving the company if you disclose the bug. The ones that get disclosed are usually disclosed by people who think they have more going for them in name recognition than in selling the bug.”

Pusscat also said that hackers can achieve a great deal of fame and a stronger resume if they release vulnerabilities publicly.

Both Pusscat and Scott Laliberte, director of security assessments for Protiviti, a provider of audit and technology risk consulting services, said most hackers follow the unwritten rule of responsible disclosure, which calls for informing the company and giving them the information you have on the vulnerability, while the company in turn gives a timeline for fixing the patch.

Sometimes the researcher and the company can negotiate an acceptable time line, with the researcher vowing to keep it quiet until that date, and the company crediting the researcher for finding it, according to Pusscat.

Pages 1 2 3

Share this link: http://sdt.bz/30856

Most Read Latest News Blog Resources

Taking enterprise architecture to the business side
Startup Corso is bringing out a cloud-based planning platform that ties into business plans

Top five apps to manage your workload
Web applications offer new ways to track your “to-do” lists

From the Editors: Node.js is unruly, but that’s where the fun is
The time to get involved with Node.js is now; Hadoop is about to break its own barriers

Zeichick’s Take: Looking for the best of the best of the best
It's time once again for readers to send in nominees for the SD Times 100

Taking enterprise architecture to the business side
Startup Corso is bringing out a cloud-based planning platform that ties into business plans

Top five apps to manage your workload
Web applications offer new ways to track your “to-do” lists

Not so fast when it comes to testing in the cloud
Developers face outsourcing, virtual lab management and mobile devices as obstacles

Xceed releases UX-focused suite for Microsoft’s WPF
"Blendables" helps match user experiences to developer visions

Agility, mom, and apple pie
If we're to evaluate the state-of-the-art in software development, we should start with the values espoused in the Agile Manifesto.

RIM woos developers with free tablet
How do you get more apps ported to the BlackBerry PlayBook? By giving every developer a free tablet, of course!

GitHire: Use Headhunters to Find Your Perfect Programmer
Are you a hiring manager tired of scouring the job boards? Check out this new service that will find 5 people interested in your jobs.

Facebook claims hacker cred
Facebook's SEC S-1 filing form includes a short essay on the Hacker Way by Mark Zuckerberg himself.

The Hidden Costs of Software Licensing Moving beyond paper-based software licensing to more flexible, software-based licensing is a business decision. There is a growing trend tow...

Case Study: You May Need a Development Mechanic As a contractor for a major financial player in Germany, SOBEGE, a German-based consultancy specializing in embedded IT and web services, wa...

Ensuring Software Quality at a Major International Bank One of the world’s leading international banks has adopted AgitarOne technology for delivering generated unit tests for their Java software...

Load Testing Adobe Flex Applications Adobe Flex applications may be different from applications you’ve worked with before. For classic HTML web applications, the server does all...

Technorati

Digg

Slashdot

Facebook

Friendfeed

Twitter

del.icio.us

What Bears Repeating Software development is hard. Software development can be made easier by disciplined team and managerial practices. The best programmers are...

SD West Bears Development Fruit SANTA CLARA — The SD West conference, held here in late March, played host to development tools vendors both new...

Add comment

Name*
Email*
Country

Comment

What Bears Repeating
Software development is hard. Software development can be made easier by disciplined team and managerial practices. The best programmers are Read More...

News on Monday
more>>
SharePoint Tech Report
more>>

Download Current Issue
FEBRUARY 2012 PDF ISSUE

Need Back Issues?
DOWNLOAD HERE

Want to subscribe?

Agility, mom, and apple pie
If we're to evaluate the state-of-the-art in software development, we should start with the values espoused in the Agile Manifesto.
02/07/2012 11:57 AM EST

RIM woos developers with free tablet
How do you get more apps ported to the BlackBerry PlayBook? By giving every developer a free tablet, of course!
02/04/2012 01:57 PM EST

GitHire: Use Headhunters to Find Your Perfect Programmer
Are you a hiring manager tired of scouring the job boards? Check out this new service that will find 5 people interested in your jobs.
02/03/2012 12:17 PM EST

Facebook claims hacker cred
Facebook's SEC S-1 filing form includes a short essay on the Hacker Way by Mark Zuckerberg himself.
02/02/2012 08:26 AM EST

Ryan Dahl steps down
Ryan Dahl, creator of Node.js, steps back from his position as gatekeeper for the project.
02/01/2012 04:58 PM EST

Bloomberg opens its API
Bloomberg's APIs could lead to a future standard for accessing market data.
02/01/2012 04:41 PM EST