Protection Racket or Libel Suit?

CNet News.com has reported that
... as part of VDA's business model, vendors are asked to pay for the bugs it discovers, or its consulting services, otherwise VDA threatens to sell the bug to a third party or make the details of the security flaw public.
Is VDA's founder Jared DeMott just another racketeer? Or is there a libel suit in the wind?

Findlaw says that most states define extortion as "the gaining of property or money by almost any kind of force, or threat of 1) violence, 2) property damage, 3) harm to reputation, or 4) unfavorable government action."

"Pay up or else!" seems to be what CNet is reporting about VDA. But then again, I'm no legal scholar.

Apparently neither is Mr. DeMott.

A couple of "don't miss" articles might be useful.

Jeff Crume's recent article on the myths and reality of Directories is a positive discussion of a topic that has been a source of considerable teeth gnashing if not outright nonsense.

Infoweek claims hacking attempts are up 81% this year, riding on the backs of man-in-the-middle attack kits reported to be on sale at various hacker sites.

MITM-based phishing continues to be not only theoretically possible, but a straightforward exercise for anyone conversant in HTTP-based technology. My new friends at Indiana University illustrate an alternate view of the problem I discussed in a previous post. They also have a nice repository of papers if you're interested in a more academic treatment of phishing.