Exploit auctioneer speaks at Microsoft hacker conference

A director of the WabiSabiLabi exploit auction platform (WSLabi) has presented at Microsoft's internal, invitation only Blue Hat hacker conference, speakers at which include the crème de la crème of the security industry. Since July, the controversial auction site has been offering information on security vulnerabilities and exploits to the highest bidder. WSLabi's Strategic Director Roberto Preatoni yesterday admitted to US media that he had been surprised to receive the invitation. However, he pointed out that the company had already had some contact with Microsoft.

Preatoni defended the concept of WSLabi at the conference - in his opinion some security companies have been taking advantage of the principle of full disclosure to obtain information on vulnerabilities for free. Discoverers of vulnerabilities, who may have invested considerable work in discovering them, were as a result being left out of pocket. According to Preatoni, this has led some to sell this information to cyber criminals. To prevent criminals from obtaining information via WSLabi, purchasers are subjected to a number of checks by WSLabi staff, including comparing ID card details with bank account details.

To date, more than 1000 people have subscribed to the mailing list and information on 128 vulnerabilities has been received from security experts wishing to sell. According to Preatoni, the organisations accessing the WSLabi website most frequently are Cisco, Microsoft, IBM, Veritas, Symantec, F-Secure, the U.S. army, Oracle, VeriSign and SAP. In addition to Preatoni's presentation, there were also presentations on various security-related topics from Halvar Flake, H.D. Moore, Alexander Kornbrust, Dan Kaminsky, David Litchfield and Dug Song

See also:

• Bid on exploits at new public auction platform, report by heise Security

(mba)