7/03/2007

iPhone call for vulnerabilities


Finally, last Friday the iPhone hit the market.
We witnessed thousands of Apple lovers waiting countless hours in line, ready to assault the shops to buy this year's "King of the Gears".

While shop clerks were still cashing the money from the first iPhone sales, the hacker community had already started a bunch of projects aimed at bringing the iPhone down to its knees.

In San Francisco, they organized a camp where attendees "will include web designers, developers, testers, and iPhone owners--all working together, on their precious weekend, to improve the web experience for iPhone owners." Yes, we really love the wording here.

At the same time, other hackers decided to take apart the *just purchased* iPhone in order to let us peek at its inner circuits.
In another part of the globe, other hackers posted some hints about activating the iPhone's latent features without a cellphone contract and activation process.
Meanwhile, some other hackers started to talk about multiple potential iPhone security issues, just hours after the purchase.
At the end of the day, other hackers posted a link from which it is apparently possible to download the firmware of the iPhone, directly from an Apple server.

With so much attention on this newborn baby, we certainly want to do our part.

WABISABILABI is releasing a CALL FOR SECURITY RESEARCH AND ANALYSIS based on the iPhone hardware and software platform.

Security researchers from all over the world are invited to report their findings to us and eventually use our marketplace platform to find buyers for their discoveries.

6 comments:

Anonymous said...

What motivation is there for me to report my vulnerabilities to you when I can simply sell them myself to various organizations?

WabiSabi Labi said...

The motivations are several:

1) we have a centralized marketplace, from which you can meet all the possible buyers in one shot.

2) selling through private contacts might not give the fair market evaluation of your security research, which is the worst limitation in the current systems in place

3) you will earn revenue from the marketplace (and maybe from multiple sales) but you will also have a continuous stream of revenues coming from WSL side services such as the Vulnerability Sharing Club.

Check our FAQ page (http://wslabi.com/wabisabilabi/faq.do?) in a couple of days to discover how :)

Anonymous said...

I signed up as a bidder, I now want to become a seller, can you make this possible, without me having to create another account?

WabiSabi Labi said...

For the time being, we suggest you create a second account; if you already submitted the requested documentation, then send a mail to info@wslabi.com and we will automatically enable your second account. In the future we will implement the feature you requested; in this view we thank you for your hint!

Anonymous said...

Isn't there a conflict of interest between the fact that you sell intelligence and security information/services to your customers-- yet also happen to be the ones in possession of the research to validate it? I haven't seen your contracts yet, but does this mean you have something in your contract that says as a researcher, I have to allow you to use my research in return for your "services" of helping me earn top dollar? Or... is it that you pay a fee to me in order to redistribute to your paying customers?
If the answer to either of these is "we don't do that", then I have no cause to believe submitting my information to you is a good idea. You can say what you want publicly, but the truth is no one is holding you accountable on the back end.

WabiSabi Labi said...

No, there isn't a conflict of interest, you just anticipated (congrats!) our next press release. Read our new post: Squeezing the lemon twice!