Tuesday, September 16, 2008

Vulnerabilities - a profitable business?

Every now and then we hear about vulnerabilities in software that let people build botnets, take control of servers, drain the bank accounts of unsuspecting ordinary people and then launder the money... Vulnerabilities are, of course, an inherent property of any software. But how are they found? And, more importantly, by whom?

Generally speaking, the only programs without mistakes are so simple in structure that no user is interested in them. As soon as a program grows beyond a single line of code (something like `printf("Hello World!");`), there is room for all kinds of bugs, vulnerabilities and other nastiness, which programmers and testers then have to exorcise from it. There are, of course, ideas about how to reduce the number of errors in software where that is especially critical: think of the Ada programming language, functional programming, test-driven development... Only none of them has gained much popularity. It is hard to say why; quite possibly it can all be written off, without the slightest twinge of conscience, to the inertia of programmers and even of the managers who direct the design of software products...

An interesting question is how the existence of a vulnerability comes to light. It would seem simple: a user is working with a program, an error message suddenly pops up (or the program hangs, or something else out of the ordinary happens), and the user writes about the error in a blog. Criminals read blogs, and now we no longer have a mere bug but a vulnerability in all its terrible beauty. Only, however plausible this scenario looks, it is not very likely. Look at the news about vulnerabilities in programs: the lion's share of it begins with phrases like "well-known security expert Mac So-and-so has reported that he found new vulnerabilities in the popular operating system Kastryuliks." Who are these security experts and why do they look for vulnerabilities? You must agree, a rather curious question.

As for who these security experts are, I think no one has any doubt. Only someone who understands attack well can understand defence well. That is, to put it plainly, security experts (the phrase is usually used with some adjective indicating that the security in question belongs to the realm of information technology: information security experts, network security experts, computer security experts and so on and so forth) are simply reformed crackers. Well, that is obvious, and there is nothing terrible in it; one can only be glad that such people get the opportunity to pursue their favourite occupation legally. Another question is what they get for doing so. Indeed, a qualified attacker would hardly prefer to give up his illegal but highly profitable business just for the chance to find other people's mistakes for free.

Many well-known security experts work for successful large companies that produce software for which such mistakes are fatal. For example, software for the banking industry or for on-board aircraft systems, which must not be open to intrusion from outside but at the same time must maintain a stable connection with everyone it is supposed to be connected to. Of course, not every free hacker will agree to "sell himself" to a corporation, even if the price set on his skills is very, very attractive. Many security experts open their own companies, which research vulnerabilities, collect data and compile all manner of bulletins on vulnerabilities in programs. This business brings a very good income: such information is bought not only by the company in whose products the vulnerability was found, but also by those who wish to exploit it. Not necessarily hackers: they simply do not have enough money to buy such information, and more often they are the ones reselling the loopholes they find to virus writers, spammers and other shady figures. No, here it is rather a question of competing companies wishing to tarnish a reputation by publishing information about a product's vulnerabilities.

Why am I telling all this? Because it would do Belarusians good to build companies dealing with information security with their own efforts, rather than outsourcing firms that differ from one another only in name. This business requires a much smaller initial investment: all that is needed is knowledge, plus a reputation earned by quality services. Although, of course, following the well-trodden paths of outsourcing is probably easier... Or am I wrong? I would like to believe so...

