$16,000 Bounty for Sendmail, Apache Zero-Day Flaws Comments

Slashdot by Zonk - May 18, '07 3:05pm
Add to Favorites Add to Live.com Add to Google Add to del.icio.us Add to Yahoo! Add to Digg Add to Reddit Add to Technorati Add to StumbleUpon Famestay writes "Verisign's iDefense is putting up a $16,000 prize for any hacker who can find a remotely exploitable vulnerability in six critical Internet infrastructure applications. The bounty is for a zero-day code execution hole on the following Internet infrastructure technologies: Apache httpd, Berkeley Internet Name Domain (BIND) daemon, Sendmail SMTP daemon, OpenSSH sshd, Microsoft Internet Information (IIS) Server and Microsoft Exchange Server. 'Immunity founder Dave Aitel, who also purchases flaws and exploits for use in the CANVAS pen testing tool, says its doubtful iDefense will get any submissions from hackers. "It's very hard to exploit [those listed applications]," Aitel said. "IIS 6 hasn't had a public remotely exploitable bug in it. Ever." Several other hackers I spoke to had very much the same message, arguing that $16,000 can never equate to the amount of work/expertise required to find and exploit a hole in the six targeted technologies.'"

Read more of this story at Slashdot.

Be the first to comment this.
Name: (required)
Email:   (not displayed, optional)
URL:     (optional)
          Remember info in safe cookie
Comments: (all HTML will be stripped)

Security Code:
© 2007 · wiredb.com · All trademarks are properties of their respective owners.