A friend and I are gonna start a computer security firm... I wonder if there's any programmers over here that would be interested in helping us research security holes on a voluntary basis??
Nobody????
If you're looking for programmers to research security holes, you're basically asking for them to look through opensource for bugs and whatnot. If it's closed-source, it's a lot more difficult because the bugs have to be found through trial and error, and that's with dedicated people pounding the crap out of them. Not something I'd like to do (like with IE or something). Not to mention, you'd have to have some kind of OK from said company for trying to break/reverse-engineer their program/product. It's not a bad idea, but it's definitely not something that's easy to undertake. I would hazard a guess that you're better off creating a 'tiger team' where you're hired to break into a place and find the vulnerabilities of a said company, etc.
Anyone else have any ideas?
Just remember, Ratman2, that if you ever break/reverse engineer something, make sure you have the proper rights to the program if it's closed-source. Or else the company is going to slam you hard for it. But I doubt big companies (such as Microsoft) will allow you to unless you do it without getting paid by them or something of the sort. And also, you have to check with your partner to see if you will center on a certain operating system such as Windows (which version?) or Linux (which distro?). Maybe all? Also, try and see what 'genre' of computing you'll focus on. Whether it be internet related, or program related (example: Firewall is to Internet as Adaware is to Software...well you get the picture :p).
Quote:
If you're looking for programmers to research security holes, you're basically asking for them to look through opensource for bugs and whatnot. If it's closed-source, it's a lot more difficult because the bugs have to be found through trial and error, and that's with dedicated people pounding the crap out of them. Not something I'd like to do (like with IE or something). Not to mention, you'd have to have some kind of OK from said company for trying to break/reverse-engineer their program/product. It's not a bad idea, but it's definitely not something that's easy to undertake. I would hazard a guess that you're better off creating a 'tiger team' where you're hired to break into a place and find the vulnerabilities of a said company, etc.
Now, I wouldn't be interested in joining...BUT, see if you can get a [good] friend who HTML's and set up a website; or just do it yourself. Make sure it looks something professional - just because. Make a link for people who are willing to join. Then make/place ads :D.
Hey Ratman2, I would love to help you out in some of my free time. I think that would be cool! Let me know the details and everything
;)
You and Vorlin have just mentioned the BIG problem. We would be working with open AND closed source software...the DMCA is a special PITA... :(.... I like the idea of the Tiger Team, in fact, when we planned this nearly 3 years ago that was what we were going to start out doing in the computer security division. Problem is I live in Connecticut and my partner is in Florida and we fear the traditional problems in getting a business started. We had come up with the research idea in the hopes of promoting our name and establishing our reputation. This would allow us to get into the Tiger Team type of work easier and lessen the risks...as for the Website my partner DESIGNS websites so that's no problem there. I've got a box with a bad HD that I need to get fixed (waiting for the HD to come in) and then we'll get started working on finishing it :). Protocool and linuxcommado...watch this thread, we'll be in touch :) TIA you guys :)
Quote:
Originally posted by [WebCarnage]
Just remember, Ratman2, that if you ever break/reverse engineer something, make sure you have the proper rights to the program if it's closed-source. Or else the company is going to slam you hard for it. But I doubt big companies (such as Microsoft) will allow you to unless you do it without getting paid by them or something of the sort. And also, you have to check with your partner to see if you will center on a certain operating system such as Windows (which version?) or Linux (which distro?). Maybe all? Also, try and see what 'genre' of computing you'll focus on. Whether it be internet related, or program related (example: Firewall is to Internet as Adaware is to Software...well you get the picture :p).
Now, I wouldn't be interested in joining...BUT, see if you can get a [good] friend who HTML's and set up a website; or just do it yourself. Make sure it looks something professional - just because. Make a link for people who are willing to join. Then make/place ads :D.
Damn good idea. I think that is such a good idea. 3rd party security teams are going to be big in the next few years. I would personally love to be involved in any such program.
I will give you guys a hand in helping you get started or assistance. Someone once helped me get my company started, so I am willing to give you a hand likewise. I currently run a tiger team as well as other things. Take a look at my webpage and get back to me if I can assist you in any way. My Website
The problem we have right now is dealing with the DMCA and its "anti-reverse engineer" clause. The way I understand it, the very type of research we want to do is illegal under the DMCA :(
Stay Tuned....
See what someone who knows defcon if they have any ideas maybe email blue rose at bluerose.com c if she has any input for you as for me SCREW EM.
I'd like to say SCREW EM more than anybody, believe me. However, we can't really afford the litigation/headache that comes with fighting the DMCA :(. I hope I can find some legal solution.
Quote:
Originally posted by SecurityAdmin
See what someone who knows defcon if they have any ideas maybe email blue rose at bluerose.com c if she has any input for you as for me SCREW EM.
Not if the Damn DMCA sticks around :(. Not with these big companies saying "We don't like it that Company XXX found some big vulnerability in our big product. Let's sue them/have them arrested." Right now I'm so upset :(
Quote:
Originally posted by MrBert
Damn good idea. I think that is such a good idea. 3rd party security teams are going to be big in the next few years. I would personally love to be involved in any such program.
:'( Quit being down about it and do something. I know all companies hate vulnerabilities being exposed, but you need to just get after it and quit being afraid. Look at the guy who id'd the Passport vulnerability against Microsoft: they never sued him, and also he did not have permission. Like I said before, screw them. Hell, u can even operate on my TAX ID number. You cannot allow them to stop u from accomplishing what you want. If you want to put your tail between your legs and roll over that's your business, but I think a lot of folks would support you on this.
· Does permit the cracking of copyright protection devices, however, to conduct encryption research, assess product interoperability, and test computer security systems.
So DMCA isn't a problem. Move On RATMAN.
Ratman2:
I also live in CT, what a coincidence, eh? :) Anyway, I interned for the information security division of a pretty big corporation in the Hartford area and we actually evaluated the viability of a "tiger team" vs. software based security auditing tools. Basically, our findings were that it was much more effective and efficient to have software-based auditing via a combination of tools for our various environments (mainframe, unix, and NT), rather than having a team do vulnerability checks, and read through code to find vulnerabilities. I don't mean to totally crush your plans, as there is certainly work out there for security consultants and such, but I would probably bolster your business with general computer consulting, as well as security consulting. At the very least, it will give you a broad client base that you can have continuing relations with, rather than a "once every year" deal.
Regards,
Wizeman
Wizeman, that's EXACTLY what we plan on once we're a little further off of the ground...basically, my Partner described us as a "tech plaza." If it involves a box, we would do it :).
Quote:
Originally posted by Wizeman
Ratman2:
I also live in CT, what a coincidence, eh? :) Anyway, I interned for the information security division of a pretty big corporation in the Hartford area and we actually evaluated the viability of a "tiger team" vs. software based security auditing tools. Basically, our findings were that it was much more effective and efficient to have software-based auditing via a combination of tools for our various environments (mainframe, unix, and NT), rather than having a team do vulnerability checks, and read through code to find vulnerabilities. I don't mean to totally crush your plans, as there is certainly work out there for security consultants and such, but I would probably bolster your business with general computer consulting, as well as security consulting. At the very least, it will give you a broad client base that you can have continuing relations with, rather than a "once every year" deal.
Regards,
Wizeman
Been tied up with a stomach bug so I haven't been able to get too much done :(. Also still waiting on new HD for my other box (come on Compaq)
We're good to go....I'll be contacting interested people over the weekend sometime :)
Quote:
Originally posted by linuxcomando
Hey Ratman2, I would love to help you out in some of my free time. I think that would be cool! Let me know the details and everything
Quote:
Originally posted by MrBert
Damn good idea. I think that is such a good idea. 3rd party security teams are going to be big in the next few years. I would personally love to be involved in any such program.
Need your E-mails :)
Quote:
Originally posted by SecurityAdmin
I will give you guys a hand in helping you get started or assistance. Someone once helped me get my company started, so I am willing to give you a hand likewise. I currently run a tiger team as well as other things. Take a look at my webpage and get back to me if I can assist you in any way. My Website
Well, if you need any networking help... I'm always here :cool:
Some of you guys have mail (protocool, LC). Travis, your E-mail addy on your site bounced, need to get a hold of you :)
lol, I'm in CT too...don't know what kind of help I can offer tho :-/...send me some info anyway (click the 8 in my sig :))
Linuxcommando and protocool you have mail :)