— offensive security (@offsectraining) 26 Giugno 2014
I don’t want to discuss about adsense’s “hacking and cracking policies”. I just want to explain why, in my opinion, this decision is wrong, dangerous for any organization and company and should increase the coasts of any information security related work.
Exploit-db and backtrack-linux (kali.org since some time) are two of the best exploits repository in the world. Of course people can use these informations to provide malicious activities, but there’s many people that use them to avoid and prevent malicious activities. Using the latest available exploit, it’s possible to develop IPS signature, configure a SIEM without wait for some vendor update…
Every morning, a security analist make a search on exploit-db database to know if new risks are in the wild. Every day many security analists (at least, I think so) work on exploit-db to verify, categorize and finally, share dozens of exploit. This make the information security more efficient at a cheaper price. If these projects will lost adsense support definitively, the minus gain will forward the informations shared for free, in a background market where only some black hat will be able to gain money by selling and buying this kind of knowledge.
Google isn’t a government agency and may choose to do business with those who want to, but since its core business is “our web browsing” the best choice should be improve the security web browsing by finance projects like these. Maybe someone in Google think “ignorance is bliss“, IMHO “ignorance is shit“.