SecuriTeam
SecuriTeam is a free and independent computer security portal, covering both security news and the most recent threats, with a database dating back to 1998. SecuriTeam's main focus is software vulnerabilities.
SecuriTeam was founded by Aviram Jenik and Noam Rathaus and was the basis of what evolved into the security scanning vendor Beyond Security, but now runs as a completely community-run project. Its most notable effort is the web portal where they notify visitors of new security vulnerabilities, tools and exploits.
Another community tool SecuriTeam provides is a blogs site where notable security names such as Roger Thompson, Rob Slade and David Harley write, although most of the contributions to the site are from newer names in the security field. Such contributors include Juha-Matti Laurio, who writes about new zero-day attacks as they come out, in FAQ form for end users, and Matthew Murphy, who writes technical commentary and policy commentary on the issue of full disclosure.
Daily cartoons
SecuriTeam publishes daily comic strips which relate to the latest news and gossip in the hacking scene (encompassing also spam, privacy and other related subjects).
These are published on the SecuriTeam blogs site, and on a site created just for the comic strips called SecuriToons.
Currently, SecuriTeam has three running cartoons, each published twice a week:
- Memory Leak by the artist Brian Shearer - a comic strip dealing with issues related to current events in the security world by the means of jokes.
- Insecurity by the artist Michael Rankin - a story yet to be understood.
- Earl by the artist Dan Thompson - the happenings of Earl the hacker, his landlord and his sexy neighbor.
Older cartoons SecuriTeam used to run include:
- Hacked by the artist Dale Braden - a comic strip with a new security-related joke every slide.
- Null Terminated by the artist Brian Shearer - a comic strip with assembly language and reverse engineering jokes.
- Zoned-Out by the artist V Shane - Zoned-Out only lasted for one slide.
Debate: Publishing exploit code publicly
SecuriTeam is one of the few sites online which refer to themselves as whitehat, and serve exploit code to the public. Serving exploit code publicly is a very heated issue in security circles, as some believe this aids miscreants in creating new attacks such as worms.
Once such exploit code is available openly, it is much easier for virus authors to embed in malware and release it, infecting computers.
Others believe that the miscreants already have their sources for the exploit code, and that unless information such as this is provided to the community, it will be that much more difficult to defend against attackers, comparable to being blind while under attack. Further, finding the information defenders need the way blackhats do is unacceptable to most defenders, and would make it that much more difficult for them to stay on the "right side of the fence". According to advocates of this approach, the bad guys have their resources mainly because they hang in shady circles and perform unethical actions. Whitehats would be hard pressed both legally and ethically to act in this fashion.
This issue is often considered one of ethics. The SecuriTeam community believes that knowledge should be free and advocates the full disclosure of security information, such as vulnerabilities and exploits.
Statistics
SecuriTeam publishes statistics about its vulnerability database, with data on the number of articles published on the web site and those relating to certain keywords. This is intended to highlight trends on the disclosure of vulnerabilities in popular products and tools.
See also
- Attack (computer)
- Computer security
- Information security
- IT risk
- Threat (computer)
- Vulnerability (computing)
External links
- SecuriTeam Homepage
- SecuriTeam Blogs
- SecuriToons SecuriTeam's comic strips site
- bugtraq debate: publishing exploit code
- SecuriTeam's mailing list archived