[ISN] WabiSabiLabi to help build 0day security box

From: InfoSec News (alerts@private)
Date: Thu May 08 2008 - 00:02:31 PDT


By Robert McMillan
IDG News Service
07 May 2008

WabiSabiLabi, the company best known for building an online marketplace 
for security flaws, is getting into the hardware business.

The company is working with a so-far unknown Italian company called 
Oneshield Security to build a unified threat management (UTM) appliance 
that will integrate the research generated by WabiSabiLabi's network of 

WabiSabiLabi did not say how this partnership will benefit the 
independent researchers who contribute to the company's marketplace of 
unpatched "0day" vulnerabilities, but that information will be 
forthcoming, said founder Roberto Preatoni in a blog posting.

UTM appliances blend several security products into one server. In 
addition to protecting from the WabiSabiLabi 0day attacks, the Oneshield 
device can serve as a firewall and anti-virus device and will provide 
protection from many different threats, including denial of service 
(DOS) attacks.

Since its founding nearly a year ago, WabiSabiLabi has garnered a lot of 
attention because of its controversial open-market approach to selling 
software vulnerabilities, as well as the legal troubles of Preatoni, who 
was arrested by Italian police in November on spying charges.

Preatoni, a colourful and well-known figure in security research 
circles, had worked as a penetration tester for Italy's largest 
telecommunications company, Telecom Italia. According to news reports, 
Preatoni helped staff a 10-member "Tiger Team" that has now been accused 
of hacking and spying on business executives and journalists in Italy.

Last month, Preatoni broke his silence on the case and said that he 
would stay on with WabiSabiLabi.

By integrating its unique research into a single device, Oneshield is 
doing the same thing as many larger security companies, said Jon Oltsik, 
senior analyst at Enterprise Strategy Group. "It's not unusual for 
companies to integrate customer premise equipment with threat research 
that they do," he said. "The thing that's unusual here is that they're 
looking to recruit partners to provide these services."

Oneshield expects to start shipping its appliance at the beginning of 
June. The company has not said what it plans to charge for the 
appliance, or for the optional managed security services package that 
will ship with it.

Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com

This archive was generated by hypermail 2.1.3 : Thu May 08 2008 - 00:19:04 PDT