[ news_security_news ]
Vulnerability Auction On EBay
John Stith
Staff Writer
2005-12-09
 Insider Reports RSS Feed
From time to time, eBay ends up with items for sale that make the casual observer raise their eyebrows. One recent case involved William Shatner, his kidney stones and starships. Most recently, the online auction monster pulled down something not quite so odd but potentially destructive, a vulnerability in the Microsoft Excel spreadsheet program.
Vulnerabilities allow unseemly hackers to do rather untoward things and Excel would be quite an annoying place to do it. Microsoft is investigating the vulnerability, which appears to affect all versions of Excel. eBay pulled the auction, acting upon a request from the world's largest software company.
"The listing was immediately reviewed and pulled from the site for violating our policy against promoting illegal activity--hacking," Catherine England told SecurityFocus in an email. "In general, research can be sold as a product. However, if the research were to violate the law or intellectual property rights then it would not be allowed."
The policy most software developers prefer to follow is when a vulnerability in their product is discovered, they like to be notified before hand so they have time to verify and correct the problem. Often times, this etiquette is followed, however, as SecurityFocus pointed out, it's becoming more common to do something like sell it or just let it out for everyone to know about. Then it becomes a race between the software company and the hackers to beat the other.
About the Author:
John is a staff writer for SecurityProNews covering cyber security.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
