How to Build a Bomb

Well, only partly. I commented several times already about WabiSabiLabi. I especially like their statement "closer to zero risk". At the moment there is an SAP vulnerability at stake. It is initially priced on €4'000. If you read their blog, Focus on: SAP MaxDB remote code execution, it seems to be clear that is vulnerability is a very high risk. So in order to get "closer to zero risk" they sell it to whomever is ready to spend enough money (e.g. organized crime) – I still question their view of the world…

Roger

Published 12 December 07 10:05 by rhalbh
Filed under: ,

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

# Shoaib Yousuf said on December 12, 2007 6:34 PM:

I actually didn’t like the idea of WabiSabiLabi and I am totally against it. The recent report from IBM ISS disclosed that cyber crime is getting more and more organized day by day. We need to understand that this vulnerability can be purchased by any company, bad guys or member of organized crime to set up an attack on targeted company using that vulnerability. That is not closer to Zero day…it is actually going far from Zero Day….WabiSabiLabi should change their slogan to: Supporting Bad Guys in going ahead of Zero Day…

Also, keeping in mind WabiSabiLabi wants bad guys or researchers getting paid for piece of work they are doing and I like that idea but reward should be given by the rightful owners of the software not by some third party company like WabiSabiLabi.

Cheers

Shoaib

Leave a Comment

(required) 
(optional)
(required) 

  
Enter Code Here: Required

Search

This Blog

Chat directly with me if you want. Go to my About page to find a web messenger!

Visit ourPhoto Gallery

Locations of visitors to this page

Rogers Security Blog at Blogged Add to Technorati Favorites

Syndication

Page view tracker