The hacker grouping that exposed holes inwards McAfee's website knows it's breaking the States law, but vows to croak on exposing vulnerabilities, especially on safety vendor websites.
The hacker grouping that exposed holes inwards McAfee's website knows it's breaking the States law, but vows to croak on exposing vulnerabilities, especially on safety vendor websites.
"We create sympathise performing safety testings without potency is illegal nether the States law," stated YGN Ethical Hacker Group, when contacted yesteryear Network World via e-mail. The outfit's ain website describes YGN every bit a "small grouping of immature but mature people" based inwards the province of Myanmar (Burma) who started working together close iii years ago. Based on its website advertising, the group, which seeks to emphasize its goals are "ethical," appears to offering vulnerability-testing services spell also working on safety testing tools.
In reply to a enquiry close why it's together with hence secretive, YGN says, "Secrecy is rattling of import to us that our Burmese authorities powerfulness non telephone phone us upward to misuse our skills to laid on their most hated countries including U.S., Norway...etc."
YGN sought to explicate its rationale for performing what it acknowledges is unlawful testing of McAfee's website for vulnerabilities: "As for the McAfee website case, we've been seeing safety holes convey been popping upward every yr since 2008, which proves they don't convey secure coding touchstone together with proper safety audit of themselves, spell they create convey world-renowned experts. We genuinely didn't perform intensively safety scans on its spider web sites. We knew its flaws only yesteryear looking at their publicly available HTML/JavaScript root codes. This implies that deep testing powerfulness detect to a greater extent than issues."
McAfee, which offers its "McAfee Secure" branded scan service for daily website evaluation together with has Foundstone vulnerability-testing tools, before this calendar week responded to Network World, which reported YGN's findings inwards a world security-discussion forum. H5N1 McAfee spokesperson said, "McAfee is aware of these vulnerabilities together with nosotros are working to cook them. It is of import to banking concern complaint that these vulnerabilities create non expose whatever of McAfee's customer, partner or corporate information. Additionally, nosotros convey non seen whatever malicious exploitation of the vulnerabilities." McAfee has together with hence far non made farther comment.
YGN indicates it may croak on its create of performing vulnerability exam scans on websites, especially those of safety vendors, because it feels this is the correct affair to do: "As responsible netizens, nosotros believe that YGN Ethical Hacker Group is liable to break safety issues inwards high-profile spider web sites where thousands of users be to rely on their security-related services/products. It is unethical yesteryear human deport to sell safety products/services spell vendors don't assist [about] fixing their issues."
YGN, which doesn't desire to break the names of its members, said they desire to "represent our country" together with "'to create safety inquiry to contribute to the safety of users inwards [the] digital world."
YGN also participates inwards safety inquiry groups, including EvilFingers, which safety analyst Shyaam Sundhar Rajamadam Srinivasan indicated he started amongst his married adult woman inwards 2006. When asked close YGN, together with whether doing vulnerability tests on websites without the owner's permission is incorrect or illegal, Srinivasan is direct.
"YGN is only a grouping that I got to know recently," according to Srinivasan, who says he is CEO of DigitOnto together with plant every bit a contractor for SANS Institute. "My married adult woman together with myself, nosotros don't create unethical stuff. I believe that scanning one's website without prior potency is definitely inappropriate together with violates our partnership rules together with regulations." He writes that he intends to inform YGN close the same. "EvilFingers never cooperates for whatever form of unethical activities."
Mandeep Khera, principal marketing officeholder at Web application safety vendor Cenzic, notes that performing vulnerability tests on a website without the owner's permission is illegal inwards the the States "You're forcing yourself onto someone's property," he points out. "It's similar a break-in."
When informed of this criticism, YGN responded yesteryear maxim it volition expose vulnerabilities inwards Cenzic's website: "We volition break an OWASP Top 10 Security lawsuit inwards [the] Cenzic spider web site." The Open Web Application Security Project is an organization composed mainly of vendors that researches spider web application vulnerabilities, such every bit cross-site scripting, together with puts out reports close the main ones inwards annual reports.
YGN says its motivation to expose holes inwards safety vendor websites is because "nowadays safety vendors don't fifty-fifty assist close the safety of their websites (while some of them offering Web App Security Products/Services), which allows attackers to exploit these flaws to laid on their users. Apparently, the the States constabulary volition non sue safety vendors for their lack of security."
To total up, YGN states, "from the await of the law, what nosotros did seems illegal from the States Law perspective. We, safety researchers, sometimes demand to larn to the night side for the create goodness of users."
The hacker grouping that exposed holes inwards McAfee's website knows it's breaking the States law, but vows to croak on exposing vulnerabilities, especially on safety vendor websites.
"We create sympathise performing safety testings without potency is illegal nether the States law," stated YGN Ethical Hacker Group, when contacted yesteryear Network World via e-mail. The outfit's ain website describes YGN every bit a "small grouping of immature but mature people" based inwards the province of Myanmar (Burma) who started working together close iii years ago. Based on its website advertising, the group, which seeks to emphasize its goals are "ethical," appears to offering vulnerability-testing services spell also working on safety testing tools.
In reply to a enquiry close why it's together with hence secretive, YGN says, "Secrecy is rattling of import to us that our Burmese authorities powerfulness non telephone phone us upward to misuse our skills to laid on their most hated countries including U.S., Norway...etc."
YGN sought to explicate its rationale for performing what it acknowledges is unlawful testing of McAfee's website for vulnerabilities: "As for the McAfee website case, we've been seeing safety holes convey been popping upward every yr since 2008, which proves they don't convey secure coding touchstone together with proper safety audit of themselves, spell they create convey world-renowned experts. We genuinely didn't perform intensively safety scans on its spider web sites. We knew its flaws only yesteryear looking at their publicly available HTML/JavaScript root codes. This implies that deep testing powerfulness detect to a greater extent than issues."
McAfee, which offers its "McAfee Secure" branded scan service for daily website evaluation together with has Foundstone vulnerability-testing tools, before this calendar week responded to Network World, which reported YGN's findings inwards a world security-discussion forum. H5N1 McAfee spokesperson said, "McAfee is aware of these vulnerabilities together with nosotros are working to cook them. It is of import to banking concern complaint that these vulnerabilities create non expose whatever of McAfee's customer, partner or corporate information. Additionally, nosotros convey non seen whatever malicious exploitation of the vulnerabilities." McAfee has together with hence far non made farther comment.
YGN indicates it may croak on its create of performing vulnerability exam scans on websites, especially those of safety vendors, because it feels this is the correct affair to do: "As responsible netizens, nosotros believe that YGN Ethical Hacker Group is liable to break safety issues inwards high-profile spider web sites where thousands of users be to rely on their security-related services/products. It is unethical yesteryear human deport to sell safety products/services spell vendors don't assist [about] fixing their issues."
YGN, which doesn't desire to break the names of its members, said they desire to "represent our country" together with "'to create safety inquiry to contribute to the safety of users inwards [the] digital world."
YGN also participates inwards safety inquiry groups, including EvilFingers, which safety analyst Shyaam Sundhar Rajamadam Srinivasan indicated he started amongst his married adult woman inwards 2006. When asked close YGN, together with whether doing vulnerability tests on websites without the owner's permission is incorrect or illegal, Srinivasan is direct.
"YGN is only a grouping that I got to know recently," according to Srinivasan, who says he is CEO of DigitOnto together with plant every bit a contractor for SANS Institute. "My married adult woman together with myself, nosotros don't create unethical stuff. I believe that scanning one's website without prior potency is definitely inappropriate together with violates our partnership rules together with regulations." He writes that he intends to inform YGN close the same. "EvilFingers never cooperates for whatever form of unethical activities."
Mandeep Khera, principal marketing officeholder at Web application safety vendor Cenzic, notes that performing vulnerability tests on a website without the owner's permission is illegal inwards the the States "You're forcing yourself onto someone's property," he points out. "It's similar a break-in."
When informed of this criticism, YGN responded yesteryear maxim it volition expose vulnerabilities inwards Cenzic's website: "We volition break an OWASP Top 10 Security lawsuit inwards [the] Cenzic spider web site." The Open Web Application Security Project is an organization composed mainly of vendors that researches spider web application vulnerabilities, such every bit cross-site scripting, together with puts out reports close the main ones inwards annual reports.
YGN says its motivation to expose holes inwards safety vendor websites is because "nowadays safety vendors don't fifty-fifty assist close the safety of their websites (while some of them offering Web App Security Products/Services), which allows attackers to exploit these flaws to laid on their users. Apparently, the the States constabulary volition non sue safety vendors for their lack of security."
To total up, YGN states, "from the await of the law, what nosotros did seems illegal from the States Law perspective. We, safety researchers, sometimes demand to larn to the night side for the create goodness of users."
News Source : http://www.csoonline.com/
Share This :
comment 0 Comments
more_vert