Abstract
The method of discovering security vulnerabilities raises separate legal and ethical issues apart from the disclosure of such vulnerabilities. This chapter explains the various methods of discovering and disseminating vulnerabilities (such as the use of a honeynet, youtube concept of proof videos, zero day exploit markets) and provides for an explanation of each method, then uses a case study where possible to introduce legal and ethical issues.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
[1].
- 2.
Salgado, R., “The Legal Ramifications of Operating a Honeypot” (2005) IEEE Magazine Security and Privacy, vol. 1. Salgado is considered as a recognized authority of legal issues in honeypots. He is former attorney with the United States Department of Justice, Computer Crime and Intellectual Property Section, U.S. Department of Justice, and Senior Counsel with Yahoo!, Inc. He is now Senior Counsel of Google and Adjunct Professor at Stanford University.
- 3.
[2].
- 4.
“A honeynet is a closely monitored computing resource that we want to be probed, attacked, or compromised” Provos, see footnote 1.
- 5.
[3].
- 6.
Kemmerer, see footnote 3.
- 7.
See footnote 3.
- 8.
[4].
- 9.
See footnote 3.
- 10.
See Poulsen, footnote 13 in Chap. 1.
- 11.
See footnote 3.
- 12.
[5].
- 13.
Poulsen, footnote 13 in Chap. 1, pages 336–358.
- 14.
Ciphertext is data that has been encrypted. The goal of decryption is to convert the ciphertext to plaintext which can then be understood. See generally Anderson, R., Security Engineering: A Guide to Building Dependable Distributed Systems 2nd ed (Wiley 2008) Chapters 5 Cryptography and 6 Distributed Systems for excellent discussion on cryptography, encryption and decryption, pages 129–213.
- 15.
Anderson, above.
- 16.
Poulsen, footnote 13 in Chap. 1.
- 17.
Security Focus at http://securityfocus.com.
- 18.
[6].
- 19.
Available at http://vx.netlux.org/index.html.
- 20.
Metasploit Framework License Agreement available at http://www.metasploit.com/license.jsp.
- 21.
[7].
- 22.
“Cisco, ISS file suit against rogue researcher Robert Lemos”, SecurityFocus 2005-07-27 available at http://www.securityfocus.com/news/11259.
- 23.
Wired “Blackhat Interview with Michael Lynn” 2005.
- 24.
Discussion with computer security analyst who was present at the presentation.
- 25.
Wired, see footnote 23.
References
Holz T, Provos N (2008) Virtual honeypots: from botnet tracking to intrusion detection (Addison-Wesley), p 8
Stone-Gross B, Cavallaro L, Gilbert B, Sydlowski M, Kemmerer R, Kruegel C, Vigna G (2009) Your botnet is my botnet: analysis of a botnet takeover CCS, ACM 978-1-60
Kemmerer R (2010) “How to Steal a botnet and what can happen when you do” Google tech talk. Available at http://www.youtube.com/watch?v=2GdqoQJa6r4. Accessed 26 June 2010
Symantec, Report on the Underground Economy (2008) Available at http://www.symantec.com/content/en/us/about/media/pdfs/underground_Econ_Report.pdf. Accessed 28 June 2010
Harris S, Harper A, Eagle C, Ness J (2008) Gray hat hacking: the ethical hacker’s handbook. McGraw Hill, pp 277–307
Cluley G (2012) VXHeavens old-school virus writing website, raided by police http://nakedsecurity.sophos.com/2012/03/28/vx-heavens-virus-writing-website-raided/
Maurushat A (2011) Australia. In: Cook S (ed) Freedom on the internet: a global assessment of internet and digital media. Freedom House, New York
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
Copyright information
© 2013 The Author(s)
About this chapter
Cite this chapter
Maurushat, A. (2013). Discovery and Dissemination of Discovering Security Vulnerabilities. In: Disclosure of Security Vulnerabilities. SpringerBriefs in Cybersecurity. Springer, London. https://doi.org/10.1007/978-1-4471-5004-6_3
Download citation
DOI: https://doi.org/10.1007/978-1-4471-5004-6_3
Published:
Publisher Name: Springer, London
Print ISBN: 978-1-4471-5003-9
Online ISBN: 978-1-4471-5004-6
eBook Packages: Computer ScienceComputer Science (R0)