Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - lets share interesting security information

How to Build a Bomb

How to Build a Bomb

  • Comments 1
  • Likes

Well, only partly. I commented several times already about WabiSabiLabi. I especially like their statement "closer to zero risk". At the moment there is an SAP vulnerability at stake. It is initially priced on €4'000. If you read their blog, Focus on: SAP MaxDB remote code execution, it seems to be clear that is vulnerability is a very high risk. So in order to get "closer to zero risk" they sell it to whomever is ready to spend enough money (e.g. organized crime) – I still question their view of the world…

Roger

Comments
  • I actually didn’t like the idea of WabiSabiLabi and I am totally against it. The recent report from IBM ISS disclosed that cyber crime is getting more and more organized day by day. We need to understand that this vulnerability can be purchased by any company, bad guys or member of organized crime to set up an attack on targeted company using that vulnerability. That is not closer to Zero day…it is actually going far from Zero Day….WabiSabiLabi should change their slogan to: Supporting Bad Guys in going ahead of Zero Day…

    Also, keeping in mind WabiSabiLabi wants bad guys or researchers getting paid for piece of work they are doing and I like that idea but reward should be given by the rightful owners of the software not by some third party company like WabiSabiLabi.

    Cheers

    Shoaib

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment