2009-07-24

The Economics of Botnets & 0-Day Market

Ever wondered what all can a botnet actually do? How much damage can it cause? Or how much does it cost to rent a botnet or even better - how much can you earn from a botnet..??

All this and more answered by Yury Namestnikov in his blog.

Another very good paper to read, is by the famous Dr. Charlie Millar
The Legitimate Vulnerability Market: Inside the Secretive World of 0-day Exploit Sales

Update 03-Apr-2012:
Some current figures around how much a 0-day can be worth.

Update 01-Jun-2012:
Mr. Schneier finally speaks on this topic

Update 13-May-2013:
Very interesting, the US government is a big buyer of 0-day exploits!!

2009-07-21

Web App Security Portfolio

Ever wondered how to go about documenting and securing all the web applications in your organization?

This article from Nick Coblentz will definitely be of help.

Biometrics: Identity & Authentication

Almost everywhere today, you would come across a two-factor authentication, where a user is required to enter a User ID and a Password to access a system.

However, now biometrics is gaining popularity pretty quickly, which combines both the Identity and Authentication into one. This definitely helps the user because now s/he does not need to memorize the username or the password, but is this really the best way forward?

Take a look at this article written by Steve Riley.