When They Said "Get It On eBay", I Doubt This Is What They Meant

from the W32.this-space-for-rent.P@mm dept

The idea of using security exploits to make some cash certainly isn't anything new -- online extortion schemes have been fairly popular, even if script kiddies are killing the margins. But apparently discovering security vulnerabilities and selling them off to the highest bidder is a growth industry, according to one security firm, with sellers even being brazen enough to put them up on eBay. It's hardly surprising to see hackers and malware writers searching for some remuneration for their efforts, particularly with the explosion in phishing, identity theft and other potentially lucrative crimes, all of which depend on staying a step ahead of security companies. What's slightly more interesting, though, is that many security companies themselves are shelling out for the vulnerabilities, under the guise of the greater good, but really getting the information to give themselves a head start in closing the vulnerabilities and enhancing their products and reputation. Economists love to talk about the value of incentives in motivating people to particular behavior -- perhaps giving malware authors incentives to turn their work over to software developers or security companies isn't such a bad idea.

Reader Comments

  1.  
    unibomber, Jul 14th, 2006 @ 11:13am

    FINALLY lol

  2.  
    good idea

    Anon, Jul 14th, 2006 @ 11:15am

    Hey, give the script kiddies something to do. It's a good idea. Find a hole, get paid for it. Why not? If you have found something no one else has, and maybe the way to fix it as well, why not get paid for your work? And it keeps them from doing things they shouldn't be doing on others' servers.

  3.  
    Profitability VS Responsibility

    Joe Bastedo, Jul 14th, 2006 @ 11:22am

    This brings up a whole new "gray area" in internet ethics. A person might look at this as rewarding people for unethical behaviour. I see it as rehabilitating these miscreants by giving them a viable place in the growing macrocosm which is the internet by using them to help "security companies...give themselves a head start in closing the vulnerabilities, and enhancing their products and reputation." I agree wholeheartedly with Carlo when he says "perhaps giving malware authors incentives to turn their work over to software developers or security companies isn't such a bad idea."

  4.  
    That's the way (ah huh) I like it

    CoderDude, Jul 14th, 2006 @ 11:26am

    Many times I have found certain exploits in several major software firms, but I never try to let the little script kiddies know about this. Instead, I always send them to the development teams of the companies. Many times in return they will give me free licensed software for my help in making their software better.
    I probably have $20,000 in free legal software now, and to me it makes better sense to help the companies than some stupid loser high school kids who do not get it.
    Finding the flaw and working with the business is the only way to do it right, plus you get better "street cred" than those idiots out there.

  5.  
    Re:

    Anonymous Coward, Jul 14th, 2006 @ 11:29am

    Suggestion to Techdirt: delete the first post.

  6.  
    It's Not Renumeration

    Dam, Jul 14th, 2006 @ 11:32am

    it's REMUNERATION

    1. The act of remunerating.
    2. Something, such as a payment, that remunerates.

  7.  
    not good...

    Captain Howdy, Jul 14th, 2006 @ 11:35am

    I think all this will end up doing is allow the illicit programmers to make some extra cash off of code they've already exploited for their own gain, and have since lost an interest in/use for.

    This is just another incentive to CONTINUE their deplorable practice. Though I suppose it does keep a lot of people employed.

  8.  
    Re: not good...

    cjay, Jul 14th, 2006 @ 11:47am

    If they have already exploited the code before turning their 'results' in, they run the risk of identifying themselves as an exploiter. If real damage is caused they are going to be a suspect and greatly improve their chances of getting caught. If you're gonna turn in the code, better have clean hands.

  9.  
    Make secure code

    Yakov, Jul 14th, 2006 @ 11:49am

    Make secure code, MS. I'm a programmer myself, and I have to say that if I had to make critical fixes to something on a regular basis, I'd get a stern talking to from my management, and would surely be out of a job very quickly. This is sloppiness and laziness plain and simple. If MS products weren't so Swiss-cheesed, this would not be an issue.

  10.  
    Re: That's the way (ah huh) I like it

    MetaLChurch, Jul 14th, 2006 @ 11:54am

    Agreed.

  11.  
    Catch Me if You Can

    Movie Viewer, Jul 14th, 2006 @ 12:16pm

    Isn't this similar to the Tom Hanks/Leo DiCaprio flick "Catch Me If You Can"??

    Leo's character forged checks, and the FBI was after him. Once they found him, they made him help detect bad checks, and develop ways to test new checks for vulnerabilities. It is quite nice to see someone "turn around" and hopefully crime will stop in the future. Here's to dreaming.

  12.  
    Re: Make secure code

    Vokay, Jul 14th, 2006 @ 12:38pm

    Yakov,
    You may be a programmer, but have you ever created an OS? I would bet not... and I'd bet that you haven't had to create a program that runs on the majority of PCs worldwide. But I may be wrong; you may be some super intellect that is able to predict the future.

    MS is easy to pick on simply because they are everywhere. They are everywhere because the majority of people think their product is better than the competition.

  13.  
    Tashi, Jul 14th, 2006 @ 12:45pm

    Linux managed to make a more secure OS. Why in the world did MS make everything accessible to the kernel? XP is better in this regard and it began to resemble Linux's more segregated architecture, but to assume MS can compete simply on its own merits of being a good product is a serious stretch.

  14.  
    Re: Re:

    DittoBox, Jul 14th, 2006 @ 12:54pm

    'nuff said. I'm getting tired of the "firstestist!" BS.

    Turn off anonymous comments and turn on registration and moderation.

  15.  
    Re: It's Not Renumeration

    Mischa, Jul 14th, 2006 @ 1:24pm

    LOL. Turns out I've been pronouncing the word wrong my whole life. It's amazing what you learn on techdirt. :-)

  16.  
    Ok back on topic

    Wire Cramped, Jul 14th, 2006 @ 1:34pm

    If I, as a programmer, make a program that can be exploited on purpose, what if I send the exploit info to Anonymous Coward, who then says he found the exploit and gets paid by my management as a thank you???

    Sounds like a new job to me! I agree, don't pay them, but reward them with a copy of the software. Gets them using it and doesn't make an industry out of it.

    Stop the MS bashing. I can show you time and again where *nix and MAC have security holes the size of the MS campus. To sit and think for a moment that one OS is better than the next is retarded. ALL digital information that is secure can be hacked, and all the same info that is not secure can be hacked. If you think your Linux is safe I will personally send you to sites dedicated to hacking *nix, as it's even easier to do. MAC = LINUX or WINDOWS, so you're the last people who can speak now.

  17.  
    Re: Re: It's Not Renumeration

    Wire Cramped, Jul 14th, 2006 @ 1:36pm

    It is RENUMERATION if that is what you mean. Look here:

    http://www.wsu.edu/~brians/errors/remuneration.html

  18.  
    Re: It's Not Renumeration

    Anonymous Coward, Jul 14th, 2006 @ 1:43pm

    Renumeration:

    The act of numbering something that has already been numbered.

  19.  
    Good idea

    Sanguine Dream, Jul 14th, 2006 @ 1:49pm

    I think it's a good idea to reward people that find exploits. What better way to protect against them? Thousands of users across the world have a better chance of fully exploiting a product than the relatively small programming team that builds it. Kinda like in MMORPGs where the players are encouraged to report glitches (but I don't think there is a reward system).

    But definitely don't offer money but instead free copies of the software. That way they know they are using a secure product (because they are the ones testing it) and it builds trust with that developer.

    Only problem is if it became public (out in the open on the net) that you're doing this, then you would be treated as a narc.

  20.  
    Re: Re:

    Anonymous Coward, Jul 14th, 2006 @ 2:25pm

    Delete the fifth post!

    Oh yeah! I'm in for the 20th post!!!

  21.  
    Re: Re: Re:

    Wire Cramped, Jul 14th, 2006 @ 2:57pm

    Delete the 21st post!!!! woohoo!!!!

  22.  
    nice

    Joe Snuffy, Jul 14th, 2006 @ 3:09pm

    sounds like a good way to make money to me.

  23.  
    Re: Ok back on topic

    Brian, Jul 14th, 2006 @ 4:28pm

    I don't get paid for my security or alpha/beta-test work, however I usually do get to keep the software. Just counting single licenses, not multiple/unlimited licenses, I'm over the million dollar mark here and counting, although I certainly don't use it all on a daily basis. The work is challenging and, for me, fun.

    As for the bashing, I have to agree with an earlier poster. Among other things I'm a system engineer and have designed and written my own OS, database servers, and application suites over the last three decades. While no one has found a bug or security hole to date, it sure wasn't easy, although coming from the mainframe world where zero defects is de rigueur sure helps. The design and mathematical validation easily took ten times longer than the actual coding and testing. So does the threat of federal time if you frag up {smile}. I do get to see the security notices march by day in and day out, naturally, since systems security is one of my main foci these days. Windows is just a better target, so it gets most of the savaging. It also helps that the codebase for Linux is significantly smaller at the kernel level. Lastly, Windows incorporates a lot of applications into the OS that are not in Linux directly. Toss Linux applications into the mix for vulnerabilities and the numbers get more comparable.

    Actually I get damned tired of this "my OS is better than your OS, nah, nah" BS. All of them are weak, Windows, Linux, and Mac, when it comes to overall (OS and applications) security. If I tried to get away with this crap when I was working for the government somebody would have died and they'd be considering whether it would be life in prison without the possibility of parole or hanging.

    Ever wonder why there are life/nuclear critical exclusions in so many operating systems and applications license agreements? Your bug, you go to prison.

  24.  
    Mark, Jul 14th, 2006 @ 5:31pm

    Considering the, ah, WARM response you usually get when bringing a vulnerability to the responsible party's attention, I can't really blame someone for swinging the other way on this. I mean, we were telling the school district, in high school, the district's computer was at risk. All it got us was time in The Chair. If the people most able to correct a problem aren't interested in fixing it, only labeling you for a criminal, they deserve the consequences of their decision.

  25.  
    Re: Re: Re:

    Anonymous Coward, Jul 14th, 2006 @ 6:31pm

    No. Just no.

  26.  
    Techdirt, Jul 14th, 2006 @ 7:50pm

    Delete post #26 as well, please.

  27.  
    Cut off their hands

    fred mcmurry, Jul 14th, 2006 @ 9:07pm

    I think it's a great idea for these people to post themselves on eBay, or anywhere else. Now get somebody to find out where these people are, who they are, and cut off their hands, and jam them up their butts. These people are trash; they hurt many people, make life more difficult for all of us, couldn't care less, even enjoy it. Five people get their hands cut off by some guy named Vinny and all of a sudden being a dope doesn't seem like such a good idea.

  28.  
    Re: Re:

    satan, Jul 14th, 2006 @ 11:19pm

    why

  29.  
    Well...

    Sean, Jul 14th, 2006 @ 11:39pm

    I've actually discovered a few faults with the Windows OS myself. I almost always report them to Microsoft, even though I myself know I shouldn't. I think that if people have found flaws in something, do not create malware or bullshit like that, but rather find a way to fix it and then market that to major companies that still use Microsoft. It can be quite profitable.

    But all in all, this selling malware shit on eBay is fucked. I think these auctions should be shut down and the owner of the account IP banned. Even though IP bans really don't do much anymore with proxies.

  30.  
    It would help if we would step across borders on t

    Andrew Strasser, Jul 14th, 2006 @ 11:52pm

    We need to boost up our overseas ability to stop would-be havens for malicious activity. A much more important agenda than muzik downloads anyway....

    It has gotten out of control, though I do agree that some credit should go to those who find glitches and fix the problems someone may be having.

  31.  
    Reward those who find it and do not exploit it

    Rob Maeurer, Jul 15th, 2006 @ 2:36am

    These teenagers sit at their computers all day messing with Windows. They should get paid for their work as long as they do not publicly exploit the vulnerability. We all know some kid who does this all day. I plan on forwarding this newsletter to the kid I know who's geekier than me.

  32.  
    Spelling....

    John Bamford, Jul 15th, 2006 @ 6:28am

    Interesting article. Surprised spell check didn't pick up "renumeration", as there is no such word. "Remuneration" is the correct term. Picky, I know, but when you publish we look at it all.

  33.  
    Re: Re:

    Anonymous Coward, Jul 15th, 2006 @ 12:17pm

    It made me smile. Yours did not.

  34.  
    unibomber, Jul 15th, 2006 @ 1:55pm

    I'm gay!!

  35.  
    yes we need to hold people accountable

    kilroy, Jul 15th, 2006 @ 5:43pm

    ... but according to the laws of which Country or State? How should we determine whose laws are the most just? And once we determine the criteria... there can be only one punishment: DEATH!

    If the punishment were anything less it would not be serious enough. However, if Joe Script Kiddie or Bob Anonymous Hacker thought he was gonna fry for being a little bass turd, would they be so willing to take their shot? Or would they find a new hobby or maybe get a real job...

  36.  
    Did you change the headline of this article?

    Johan, Jul 15th, 2006 @ 7:41pm

    Didn't this article used to have this headline?

    When They Said "Get It On eBay", I Doubt This Is What They Meant

    I just thought it's kinda odd to see this changed without any note on the page...

  37.  
    Post 36

    Anonymous Coward, Jul 15th, 2006 @ 8:57pm

    I agree with 36. "When They Said" doesn't make sense.

  38.  
    g

    gaurav, Jul 15th, 2006 @ 10:52pm

    ad

  39.  
    Is this a Joke?

    Ordinator, Jul 16th, 2006 @ 8:49am

    and what's with the sub headline:

    "from the W32.this-space-for-rent.P@mm dept"

  40.  
    Tek'a, Jul 16th, 2006 @ 12:18pm

    and what's with the sub headline:

    "from the W32.this-space-for-rent.P@mm dept"

    oh noez, teh scriptoz kidde1s f0und us

  41.  
    Re: Re: Make secure code

    ubigcow, Jul 16th, 2006 @ 6:46pm

    "They are everywhere because the majority of people think their product is better than the competition."

    True. No one CARES that they don't have secure software, except people like me. That is because the majority of people are STUPID. (no offense, stupid people)

    Smart people like me care. If more people were smart, and therefore cared, MS couldn't get by with their bad software.

  42.  
    Re: to marks comment

    ubigcow, Jul 16th, 2006 @ 6:57pm

    I think they deserve the consequences of their actions, but not the rest of the population.

    that includes u

  43.  
    Re: Re: Ok back on topic

    ubigcow, Jul 16th, 2006 @ 7:05pm

    ok, maybe they are all unsafe............ but that doesn't mean that it is acceptable.

  44.  
    Re: Post 36

    Mackie928, Jul 16th, 2006 @ 8:04pm

    Have you heard or seen the old eBay ads, "Get it on eBay"? It refers to the old ad that you can get just about anything on eBay.

  45.  
    Re: Profitability VS Responsibility

    phorcephield, Jul 16th, 2006 @ 8:10pm

    I'm sorry, but that grey area has always been there and always will be; there is nothing "new" about it....

  46.  
    Mackie928, Jul 16th, 2006 @ 8:13pm

    Tek'a & Ordinator...
    About the sub headline. When new exploits are found most anti-virus software makers give the exploits a name. Something that reflects the OS that it targets... W32. Then the exploit name... this-space-for-rent. Then I think it's the version... P@mm (this would be P mutation or version or such).
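As an added illustration of the naming scheme the comment above describes (example code, not part of the original page or any vendor's tooling): a small parser that splits a Symantec-style detection name of the form Platform.Family[.Variant][@suffix], such as the sub-headline's "W32.this-space-for-rent.P@mm", into its fields. In that convention the trailing letter after the family is the variant (P), and the @m / @mm suffixes mark mailing and mass-mailing worms. The field names, the regular expression and the handling of names with no variant or no suffix are assumptions of this example, as is the decision to reject anything that does not fit the pattern rather than guess.

```python
# Added example: parse Symantec-style detection names such as
# "W32.this-space-for-rent.P@mm" into platform / family / variant / suffix.
# The field names and the regex are this example's assumptions, not a vendor spec.
import re
from dataclasses import dataclass
from typing import Optional

# Platform prefix, ".", family name, optional ".Variant", optional "@suffix".
# Family and variant may contain hyphens but not "." or "@".
_NAME_RE = re.compile(
    r"^(?P<platform>[A-Za-z0-9]+)"
    r"\.(?P<family>[^.@]+)"
    r"(?:\.(?P<variant>[^.@]+))?"
    r"(?:@(?P<suffix>[A-Za-z]+))?$"
)

# Suffixes from Symantec's convention that this example recognises;
# anything else is kept verbatim and reported as unknown.
_SUFFIX_MEANING = {
    "m": "mailing worm",
    "mm": "mass-mailing worm",
}


@dataclass
class DetectionName:
    platform: str            # e.g. "W32": the platform the sample targets
    family: str              # e.g. "this-space-for-rent": the malware family
    variant: Optional[str]   # e.g. "P": the variant letter(s), if any
    suffix: Optional[str]    # e.g. "mm": the propagation suffix, if any

    @property
    def suffix_meaning(self) -> Optional[str]:
        """Human-readable meaning of the suffix, or None when there is none."""
        if self.suffix is None:
            return None
        return _SUFFIX_MEANING.get(self.suffix.lower(), "unknown suffix")


def parse_detection_name(name: str) -> DetectionName:
    """Split a Platform.Family[.Variant][@suffix] name; raise ValueError otherwise."""
    m = _NAME_RE.match(name.strip())
    if m is None:
        raise ValueError(f"not a Platform.Family[.Variant][@suffix] name: {name!r}")
    return DetectionName(m["platform"], m["family"], m["variant"], m["suffix"])


if __name__ == "__main__":
    # Constructed sample names, including the one from the sub-headline.
    for sample in ("W32.this-space-for-rent.P@mm", "W32.Foo@m", "Trojan.Bar.C"):
        d = parse_detection_name(sample)
        print(sample, "->", d, "| suffix:", d.suffix_meaning)
```

Rejecting names that do not match, rather than guessing, matters when such a parser feeds a detection pipeline: a silently mis-split family name would group unrelated alerts together.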

  47.  
    hee haw, Jul 16th, 2006 @ 8:50pm

    Sounds like one of the kiddies is about to rat them out for doing this anyway under the table. So they are gonna try and bring it above board. Most of what's out there has been secretly sponsored by these same companies to keep them in biz.

  48.  
    Re: Re:

    ioral, Jul 16th, 2006 @ 9:59pm

    1. article has no comments
    2. someone posts
    3. first post gets deleted
    4. goto 2
    ???
    5. PROFIT!!!!

  49.  
    Re:

    PC Tech, Jul 17th, 2006 @ 4:53am

    When someone says that Linux is more secure, that comment always makes me laugh. Does anyone know the number of updates necessary to make Linux "secure" this year? That number nearly quadruples MS's number. So more secure or less in your face, take your pick.

  50.  
    Re: Re:

    Anonymous Coward, Jul 17th, 2006 @ 11:03am

    What version/distro of Linux in particular are you referring to? Sure, Linux has a lot of updates, but the vast majority of the updates are not security updates, rather software bug fixes and such. Nothing near the amount of service packs and security updates MS has.

