Monday, September 17, 2007

Google

Friday, September 14, 2007

Hacker

In the summer of 2005, Michael Lynn discovered a dangerously exploitable flaw in an older version of Cisco routers, one that could shut down or hijack wide swaths of the Internet if it fell into the wrong hands. Lynn, a researcher with Internet Security Systems, immediately told Cisco's security team about the bug. But when Cisco showed no signs of informing customers who used the outdated hardware, Lynn put his discovery in front of a more responsive audience: the thousands of hackers attending the Black Hat security conference in Las Vegas.

Cisco's next reaction was swift: It sued Lynn, even though his presentation hid details of his exploit. The episode became a public relations blowup for Cisco and a legal morass for Lynn. That kind of stonewalling, enmity and miscommunication has long characterized relations between hackers and software developers, says Jennifer Granick, a cyber-law attorney who represented Lynn in his legal battles.

"There's been a lot of bad blood," she says. "Companies have a hard time acting grateful when some punk kid is lording over them that they found something wrong with their software."

But that attitude is now changing. Software developers are learning that cooperating with hackers is better than ignoring or attacking reports of exploitable holes in software. At the same time, a growing number of security companies are willing to pay for information about software vulnerabilities. That has nudged more software makers to treat independent security researchers less like bandits and more like helpful volunteers.

"Essentially, we're doing free quality assurance work for software vendors," says a hacker who goes by the handle "Dead Addict," and who spoke on unexpected bug disclosures at the DefCon hacker conference last month. "Companies' first reaction is often: 'What can we do to stop this from going on?' But they're learning that that's counterproductive."

To the surprise of many, Microsoft has become one of the most hacker-friendly software developers, says Dead Addict, who also works for a major mobile hardware company. He recalled how several of his hacker friends were hired as contractors to test the security of Microsoft's Vista operating system in the months before it was released.

Microsoft is proving equally enthusiastic when it hears about hackable flaws in its software from people not on the software giant's payroll. "We've learned a lot about how to work with independent researchers, and we're always trying to make it easier," says Mark Miller, director of Microsoft's Security Response Team. Miller says that 70% of the security flaws discovered in Microsoft's products last year were reported directly to the company by "volunteers."

Cisco has also "moved on" since its highly publicized spat with Michael Lynn, says Mike Caudill, the company's product security incident manager. "We've worked with independent researchers for years, and we welcome them contacting us," he says. Cisco has a 24/7 hotline and a secure system that hackers can use to send encrypted messages to the company about sensitive vulnerabilities.

But convincing hackers to give away information about bugs--some of which could easily help unscrupulous hackers spy, steal bank codes or hijack computers to issue spam or "malware"--is also getting trickier. Companies, including 3Com's TippingPoint division and iDefense, offer to buy vulnerabilities from hackers for several thousand dollars apiece, promising to inform the vendor of exploitable flaws. Other bug buyers, including Netragard and Immunity, pay hundreds of thousands of dollars for details of vulnerabilities that security researchers use to test how easily hackers can penetrate a system--and they don't always share the information immediately with the software's manufacturer.

In July, a Switzerland-based Web site called WabiSabiLabi began auctioning bugs in an eBay-style marketplace. Among the items up for bid were detailed descriptions of bugs in 3Com file transfer protocol servers, WordPress software and SAP's graphical user interface. An unidentified bidder is currently offering 5,000 euros (about $6,900) for information about one SAP bug.

Software vendors have hesitated to offer money for vulnerabilities in their own software, for fear that such bounties would only attract attention to their products' flaws and invite extortion. One rare exception was Netscape's bug bounty program in the late 1990s, which paid hackers $1,000 for significant discoveries. Neither Microsoft nor Cisco offers bounties, but they do give credit in their security bulletins to hackers who offer up bugs.

Given that Netragard can pay hackers as much as $200,000 for information about vulnerabilities, Adriel Desautels, the company's chief technology officer, says that the least software vendors can do is to avoid a hostile response to hackers. "Vendors really can't compete with us in terms of paying for vulnerabilities," he says. "And when they try to quash research, it only takes a quick post to ruin their reputation as a company that makes secure software."

Some companies have yet to learn that lesson. Diebold Election Systems, recently renamed Premier Election Solutions, unsuccessfully issued legal threats to dozens of individuals in 2003 for publicizing security problems found in its voting machines. Last year, Princeton University Professor Ed Felten and two of his graduate students found a method to infect Diebold voting machines with a virus that communicated from machine to machine via removable memory cards, potentially enabling the wholesale theft of votes.

Felten says Diebold ignored the academicians' entreaties to patch the flaw. A Premier spokesman denies that Felten's research pinpointed real vulnerabilities and says that the company is cooperating with all ongoing investigations and working to create a secure product.

In early August, however, the California secretary of state's office decertified electronic voting machines built by three companies--including Diebold--because of concerns about security vulnerabilities. "Had [Diebold] engaged with us, they'd have a reasonably secure system," says Felten. "Instead, they stonewalled, and look where it got them."

But that hardliner attitude is increasingly becoming the exception rather than the typical corporate reaction, Felten says. "Companies are already making sure that vulnerabilities get fixed and that hackers get credit," he says. "And now that there's competition from third parties who buy vulnerabilities, they'll have to move even faster."


Click

Are you searching for genuine part-time jobs? Have you heard about people who are making thousands of dollars a month with a pay-per-click program? This is not a lie... it's 101% true. Every day, all around the world, Internet experts and users earn through pay-per-click programs. And not only Internet experts: you too can earn through these part-time jobs.

Do you think it is hard to earn money online? No, absolutely not. Everyone can earn money online through this pay-per-click program, even from home. It also needs no investment at all. You just need a computer with an Internet connection and some spare time for the pay-per-click program. There is no need to sell anything, and it's not MLM (multi-level marketing).

About Pay per Click Program

A pay-per-click program is a great way for website and blog publishers of all sizes to display relevant advertisements on their website or blog content pages. The advertisements, which are displayed automatically, depend on your website content and the information provided by the webmaster.

While visitors read an article or information on the website or blog, the advertisements displayed are related to what your visitors are looking for on your blog, matched to the characteristics and interests of the visitors your content attracts.

If anyone clicks on the advertisements on your blog, you get paid for every click by the advertiser whose ad is displayed on your blog. This is called a pay-per-click program. It is also called an affiliate program or affiliate marketing.

Wednesday, September 12, 2007

ICICI

ICICI Bank is India's second-largest bank with total assets of Rs. 3,446.58 billion (US$ 79 billion) at March 31, 2007 and profit after tax of Rs. 31.10 billion for fiscal 2007. ICICI Bank is the most valuable bank in India in terms of market capitalization and is ranked third amongst all the companies listed on the Indian stock exchanges in terms of free float market capitalisation. The Bank has a network of about 950 branches and 3,300 ATMs in India and presence in 17 countries. ICICI Bank offers a wide range of banking products and financial services to corporate and retail customers through a variety of delivery channels and through its specialised subsidiaries and affiliates in the areas of investment banking, life and non-life insurance, venture capital and asset management. The Bank currently has subsidiaries in the United Kingdom, Russia and Canada, branches in Singapore, Bahrain, Hong Kong, Sri Lanka and Dubai International Finance Centre and representative offices in the United States, United Arab Emirates, China, South Africa, Bangladesh, Thailand, Malaysia and Indonesia. Our UK subsidiary has established a branch in Belgium.

ICICI Bank's equity shares are listed in India on Bombay Stock Exchange and the National Stock Exchange of India Limited and its American Depositary Receipts (ADRs) are listed on the New York Stock Exchange (NYSE).