Network World - The hacker group that exposed holes in McAfee's website knows it's breaking U.S. law, but vows to continue exposing vulnerabilities, especially on security vendor websites.
"We do understand performing security testings without authorization is illegal under U.S. law," stated YGN Ethical Hacker Group, when contacted by Network World via e-mail. The outfit's own website describes YGN as a "small group of young but mature people" based in the country of Myanmar (Burma) who started working together about three years ago. Based on its website advertising, the group, which seeks to emphasize its goals are "ethical," appears to offer vulnerability-testing services while also working on security testing tools.
In response to a question about why it's so secretive, YGN says, "Secrecy is very important to us that our Burmese government might not call us up to misuse our skills to attack their most hated countries including U.S., Norway...etc."
McAfee, which offers its "McAfee Secure" branded scan service for daily website evaluation and has Foundstone vulnerability-testing tools, earlier this week responded to Network World, which reported YGN's findings in a public security-discussion forum. A McAfee spokesperson said, "McAfee is aware of these vulnerabilities and we are working to fix them. It is important to note that these vulnerabilities do not expose any of McAfee's customer, partner or corporate information. Additionally, we have not seen any malicious exploitation of the vulnerabilities." McAfee has so far not made further comment.
YGN indicates it may continue its campaign of performing vulnerability test scans on websites, particularly those of security vendors, because it feels this is the right thing to do: "As responsible netizens, we believe that YGN Ethical Hacker Group is liable to disclose security issues in high-profile web sites where thousands of users exist to rely on their security-related services/products. It is unethical by human conduct to sell security products/services while vendors don't care [about] fixing their issues."
YGN, which doesn't want to disclose the names of its members, said they want to "represent our country" and "to do security research to contribute to the security of users in [the] digital world."
YGN also participates in security research groups, including EvilFingers, which security analyst Shyaam Sundhar Rajamadam Srinivasan indicated he started with his wife in 2006. When asked about YGN, and whether doing vulnerability tests on websites without the owner's permission is wrong or illegal, Srinivasan is direct.