Slashdot Mirror

← Back to Stories (view on slashdot.org)

Auction Site To Sell Security Vulnerabilities

Posted by CowboyNeal on from the safety-to-the-highest-bidder dept.

talkinsecurity writes "A Swiss research lab has built an eBay-like marketplace where hackers and researchers can sell the security vulnerabilities they discover to the highest bidder. WabiSabiLabi could replace the back-room, secret sites where researchers and hackers used to sell their exploits and replace them with a neat, clean way to make money by finding security flaws. Those who have seen the site say they are concerned about how the buyers will be vetted, and how the marketplace will ensure the flaws aren't found through illegal methods."

3 of 121 comments (clear)

  1. Now bidding by nrgy · · Score: 5, Funny

    System - Microsoft Windows
    Flaw - You name it
    Bid - 1 beeeeellllion dollars

  2. Self Exploitation by Alchemist253 · · Score: 5, Funny

    I wonder how long it will be before someday auctions a vulnerability discovered in the auction site itself.

  3. Re:Interesting vulnerabilites on the site by Joe+U · · Score: 2, Funny

    People tend to think that DoS just means hammering the line into submission; it's a broader topic than that. If that kernel memory leak can be triggered by any outside signal, then anyone who wants to bring that box down just needs to trigger it over and over until the box has run out of RAM and swap. On a high speed network, that can often be done shockingly quickly - on the order of tens of minutes, occasionally faster.


    In the web services industry we call this ColdFusion 5 and Microsoft Access.