Hackers ready to pounce on Vista

- Brad Stone, New York Times -
Microsoft says its new operating system, Windows Vista, is the most secure in the company’s history. Now the bounty hunters will test just how secure it is.

When its predecessor, Windows XP, was released five years ago, software bugs were typically hunted by hackers for fame and glory, not financial reward. But now software vulnerabilities – as with stolen credit-card numbers and spammable e-mail addresses – carry real financial value and are commonly bought, sold and traded online, both by legitimate security companies, who say they are providing a service, and by nefarious hackers and thieves.

Vista provides the latest target.

This month, iDefense Labs, a subsidiary of the technology company VeriSign, said it was offering $8,000 for the first six researchers to find holes in Vista, and $4,000 more for the so-called exploit, the program needed to take advantage of the weakness.

IDefense sells such information to corporations and government agencies, which have already begun using Vista, so they can protect their own systems.

Companies like Microsoft do not endorse such bounty programs, but they have even bigger problems: the willingness of Internet criminals to spend large sums for early knowledge of software flaws that could provide an opening for identity-theft schemes and spam attacks.

The Japanese security firm Trend Micro said in December that it had found a Vista flaw for sale on a Romanian Web forum for $50,000. Security experts say that the price is plausible, and that they regularly see hackers on public bulletin boards or private online chatrooms trying to sell the holes they have discovered, and the code to exploit them.

Especially prized are so-called zero-day exploits, bits of disruptive code that spread immediately because there is no known defense.

Software vendors have traditionally asked security researchers to alert them first when they find bugs in their software, so that they could issue a fix, or patch, and protect the general public. But now researchers contend that their time and effort are worth much more.

Misusing such information to attack computers or to aid others in such attacks is illegal, but there appears to be nothing illegal about the act of discovering and selling vulnerabilities. Prices for such software bugs range from a couple of hundred dollars to tens of thousands.
