Friday, July 29, 2016

Wooyun management arrested in China for disclosing vulnerabilities to the gov

I blogged earlier that Wooyun was forced to shut down, with rumors that the management was arrested for reporting vulnerabilities in government assets.

This has been confirmed by Southern Weekly. This marks a huge step backwards for information security in China. Rather than rewarding white hats for submitting issues to a vulnerability disclosure platform, the government took the shocking approach of shutting down the platform. Arresting a white hat for penetrating a system regardless of intent might be justified in a legal sense, but shutting down a platform that itself doesn't perform any hacking is just ridiculous. Without the vulnerability disclosure platform, white hats, let alone black hats, are more likely to sell vulnerabilities in the grey markets. Even if white hats try to contact the asset owner to get the vulnerability patched, such notifications are commonly ignored in China. The end result is that many more vulnerabilities will go unpatched due to the government's hostile attitude.

In China, we have a saying that it's much easier to solve the people who raise the issues than the issue itself. You can see such an attitude in many political events, and I am not surprised by it at all. But this time, the gov takes one step further: the gov is not even solving the people who raise the issues, but the messenger. This is truly 掩耳盗铃 (covering one's ears while stealing a bell).

