<body><script type="text/javascript"> function setAttributeOnload(object, attribute, val) { if(window.addEventListener) { window.addEventListener('load', function(){ object[attribute] = val; }, false); } else { window.attachEvent('onload', function(){ object[attribute] = val; }); } } </script> <div id="navbar-iframe-container"></div> <script type="text/javascript" src="https://apis.google.com/js/platform.js"></script> <script type="text/javascript"> gapi.load("gapi.iframes:gapi.iframes.style.bubble", function() { if (gapi.iframes && gapi.iframes.getContext) { gapi.iframes.getContext().openChild({ url: 'https://www.blogger.com/navbar.g?targetBlogID\x3d9924031\x26blogName\x3dApathy+Curve\x26publishMode\x3dPUBLISH_MODE_BLOGSPOT\x26navbarType\x3dBLUE\x26layoutType\x3dCLASSIC\x26searchRoot\x3dhttps://apathycurve.blogspot.com/search\x26blogLocale\x3den\x26v\x3d2\x26homepageUrl\x3dhttp://apathycurve.blogspot.com/\x26vt\x3d-8459845989649682690', where: document.getElementById("navbar-iframe-container"), id: "navbar-iframe" }); } }); </script>

Tuesday, March 24, 2015

"Research"

The internet browser companies have a clever tactic for finding exploitable code in their products: they run a competition for hackers (comically referred to as "security researchers") and pay them for every exploit they demonstrate:

Another security researcher, JungHoon Lee, managed to demonstrate exploits against Chrome, IE 11 and Safari. As you can imagine, he walked away with quite a bit of money: $75,000 for the Chrome bug, $65,000 for IE and $50,000 for the Safari vulnerability. He also received two bonuses totaling $35,000.


Impressive. What would impress me more is if the FBI and Interpol were waiting at the door as he tries to make his way out of the building. He can keep the money, for the all good it will do him in jail.

What's that you say? If they do that, no one will come next year? I beg to differ; simply increase the prize values. We're dealing here with criminals. Like all criminals, they are unable to resist the lure of easy money, even when they know it's a trap. Much like animals, criminals can sometimes behave in clever fashion, but they aren't really all that smart. Whether they're hacking a web browser or holding up a liquor store, the mentality is exactly the same, and they should be treated no differently.

1 Comments:

Blogger Banduar said...

A friend of mine works in information security, and a lot of those guys are "white hat" hackers that have no interest in exploiting the security vulnerabilities that they find. They like calling themselves "hackers" because it sounds cools, but they are no more criminals than a locksmith is a thief.

12:23  

Post a Comment

<< Home