Security Goes on Auction: “Do I hear $450?”

Aug. 10, 2007

About a month ago, a Swiss firm launched an online auction site (aka Wabisabilabi) that claimed to help bring the world "one step closer to zero risk." Now, the interesting thing about this online auction site, and its auspicious claims to be doing things for the good of all, is that it doesn't auction off security tools or tips. What Wabisabilabi actually auctions off is security exploits.

Claiming to be a security research marketplace, this site is primarily for software developers interested in spotting security vulnerabilities before hackers get to them. I've mentioned this to a number of IT professionals and without fail, their jaws have dropped and they've said something like, "well, that's kind of scary."

Indeed it is "kind of scary," and in fact, you don't need much of an imagination to picture hackers signing on as "hackbuyer_3" and bidding on the latest security weakness in Microsoft Vista or the seemingly ubiquitous iPhone. In fact, for those involved in physical security, we're just lucky this hasn't given common crooks and would-be attackers an idea to start some sort of physical security auction site where thugs and repeat criminals could shop for things like "high-rise facility access cards" or "alarm codes to 3 local businesses". Do I hear $450? I have $450. $500? $500? I have $500. Do I hear $550? $550? No $550? Then $500, going once, going twice, sold to the crime boss with gold rings.

Admittedly, WSLabi says that they will only allow the site to be used by people who could actually buy the software cracks for positive purposes (perhaps this would be people who wrote the software, or perhaps anti-malware vendors, or security gateway developers), and they add that their team will verify the weakness before it's put up for auction. The goal, they say, is that security researchers will actually be paid appropriately for their work, rather than selling it to a person with ill intentions for additional money. If, of course, they can do this effectively and get the right buyers linked with the right sellers, then I think they're onto something, but if just one mischievous buyer takes advantage of Wabisabilabi, then the deck of cards will tumble.

Now, most of you reading this blog are physical security professionals, but clearly there's been a move in our industry such that software is integral to all systems, whether it's recording video surveillance or even managing an alarm system. And with software come vulnerabilities, and at that level, Microsoft Vista isn't that much different from your integrated access control system. Be vigilant.
