[Repost] FrSIRT Puts Exploits up for Sale
<P>Source: <A href="http://www.eweek.com/article2/0,1759,1938511,00.asp?kc=EWRSS03129TX1K0000614">http://www.eweek.com/article2/0,1759,1938511,00.asp?kc=EWRSS03129TX1K0000614</A></P><P>Independent security research outfit <A href="http://www.frsirt.com/">FrSIRT.com</A> is putting its database of security exploits behind the paid curtain. </P>
<P>FrSIRT, previously known as K-Otik, has shut down the public exploits section of its Web site and announced that all exploits and proof-of-concept code will be sold through its subscription-based VNS (Vulnerability Notification Service). </P>
<P>The 3-year-old company, which operates out of Montpellier, France, is considered the go-to place for finding exploit code for known software vulnerabilities and <A href="http://www.eweek.com/article2/0,1895,1888551,00.asp">has been a thorn in the side of many vendors, including Microsoft.</A>
<P>FrSIRT describes itself as the trusted center for the collection and dissemination of information related to network threats, vulnerabilities, exploits and incidents, but critics say the company's open approach to releasing harmful exploit code borders on "irresponsible disclosure."
<P>The new <A href="http://www.frsirt.com/services/">FrSIRT VNS</A> offers round-the-clock monitoring of new vulnerabilities and threats, and promises real-time access to a Web-based security alerting service.
<P>The alerts are delivered through a Web portal, XML feeds and e-mail subscriptions. Subscribers will also get an online vulnerability scanner and scheduler with which to run security scans on a regular basis to check for security vulnerabilities.
<P>FrSIRT said pricing for the service will vary based on the number of users that will be licensed to receive the alerts and access the exploit code samples.
<P>The new service is part of a growing trend among third-party researchers to profit from code auditing work. <A href="http://www.eweek.com/article2/0,1895,1772418,00.asp">Companies like iDefense and Tipping Point have found a lucrative business</A> in purchasing the rights to information on vulnerabilities.
<P>Dutch security firm Frame4 Security Systems is also getting into the malware-for-sale market, launching a project called MD:Pro that offers access to thousands of downloadable malware samples. </P>
<P>Bad News!
FrSIRT's public exploits section has been definitively closed.
Exploits and PoCs are now available to FrSIRT VNS (<A href="http://www.frsirt.com/english/services">Vulnerability Notification Service</A>) subscribers only.</P>