- SecuriTeam
SecuriTeam is a free and independent security portal, covering both security news and the most recent threats, with a database dating back to 1998. SecuriTeam's main focus is software vulnerabilities.
SecuriTeam was founded by
Aviram Jenik andNoam Rathaus but now runs as a completely community-run project. Its most notable effort is the web portal where they notify visitors of new securityvulnerabilities , tools andexploits .Another community tool SecuriTeam provides is ablogs site where notable security names such as Roger Thompson, Rob Slade, Gadi Evron and David Harley write, although most of the contributions to the site are from newer names in the security field. One such contributor is Juha-Matti Laurio who writes about newZero day attack s as they come out inFAQ form, to end users, and Matthew Murphy who writes technical commentary and policy commentary on the issue offull disclosure .Daily cartoons
SecuriTeam publishes daily
comic strips which relate to the latest news and gossip in the hacking scene (encompassinng also spam,privacy and other related subjects).These are published on the SecuriTeam blogs site, and on a site created just for the
comic strips called SecuriToons.Currently, SecuriTeam has three running
cartoons , each published twice a week:
* Memory Leak by the artist "Brian Shearer" - a comic strip dealing with issues related to current events in the security world by the means ofjokes .
* Insecurity by the arist "Michael Rankin" - a story yet to be understood.
* Earl by the artist "Dan Thompson" - the happenings of Earl the hacker, his land-lord and his sexy neighbor.Older cartoons SecuriTeam used to run, include:
* Hacked by the artist "Dale Braden" - a comic strip with a new security relatedjoke every slide.
* Null Terminated by the artist "Brian Shearer" - a comic strip with assembly lanuage andreverse engineering jokes.
* Zoned-Out by the artist "V Shane" - Zoned-Out only lasted for one slide.Debate: Publishing exploit code publicly
SecuriTeam is one of the few sites online which refer to themselves as
whitehat , and serve exploit code to thepublic . Servingexploit code publicly is a very heated issue in security circles, as some believe this aids miscreants in creating new attacks such as worms.Once such exploit code is available openly, it is much easier for
virus authors to embed in malware and release it, infecting computers.Others believe that the miscreants already have their sources for the exploit code, and that unless information such as this is provided to the community, it will be that much more difficult to defend against attackers, comparable to being blind while under attack. Further, finding the information defenders need the way blackhats do in unacceptable to most defenders, and would make it that much more difficult for them to stay on the "right side of the fence". According to advocates of this approach, the bad guys have their resources mainly because they hang in shady circles and perform unethical actions.
Whitehats would be hard pressed both legally and ethically to act in this fashion.This issue is often considered one of
ethics . The SecuriTeamcommunity believes thatknowledge should be free and advocates thefull disclosure of security information, such as vulnerabilities and exploits.tatistics
SecuriTeam [http://www.securiteam.com/stats.html publishes statistics] about its vulnerability database, with data on the number of articles published on the web site and those relating to certain keywords. This is intended to highlight trends on the disclosure of vulnerabilities in popular products and tools.
References
* [http://news.zdnet.co.uk/business/0,39020645,2127862,00.htm Security flaw threatens Cisco Web site] , [http://news.zdnet.co.uk/ ZDNet UK] .
* [http://news.com.com/2100-1040-242112.html Critical Path oversight exposes NSI email] , [http://news.com/ CNet news] .
* [http://www.eweek.com/article2/0,1895,1949279,00.asp Microsoft's Security Disclosures Come Under Fire] , [http://blog.eweek.com/ eWeek.com] .
* [http://blog.eweek.com/blogs/eweek/archive/2006/01/04/3943.aspx Coverage of a SecuriTeam interview with expert Ilfak Guilfanov] , [http://www.eweek.com/ eWeek.com Weblog] .
* [http://blog.washingtonpost.com/securityfix/2006/07/microsoft_takes_stab_at_blogsp_1.html Blog spam as a growing trend] , [http://blog.washingtonpost.com/ The Washington Post] .
* [http://www.theage.com.au/articles/2006/08/06/1154802739105.html International crime rings, not hackers, true Internet villains] , [http://www.theage.com.au/ The Age] .
* [http://www.redmondmag.com/news/article.asp?EditorialsID=7719 Microsoft PowerPoint 0day debated] , [http://www.redmondmag.com/ Redmondmag.com] .
* [http://www.pcworld.com/article/id,124705-page,1/article.html Drag-and-drop Flaw in Internet Explorer Reported] , [http://www.pcworld.com/ PCWorld] .External links
* [http://www.securiteam.com SecuriTeam Homepage]
* [http://blogs.securiteam.com SecuriTeam Blogs]
* [http://www.securitoons.com SecuriToons] SecuriTeam's comic strips site
* [http://archive.cert.uni-stuttgart.de/archive/bugtraq/2005/06/msg00279.html bugtraq debate: publishing exploit code]
* [http://www.derkeiler.com/Mailing-Lists/Securiteam/ SecuriTeam's mailing list archived]
Wikimedia Foundation. 2010.
