Secrecy surrounding ‘zero-day exploits’ industry spurs calls for government oversight
This is an interesting read regardless if you know about this market or not.
Secrecy surrounding ‘zero-day exploits’ industry (cont)
3 posts • Page 1 of 1
Secrecy surrounding ‘zero-day exploits’ industry (cont)
by limdis on Sun Sep 02, 2012 8:53 pm
([msg=69099]see Secrecy surrounding ‘zero-day exploits’ industry (cont)[/msg])
The Washington Post:
Secrecy surrounding ‘zero-day exploits’ industry spurs calls for government oversight
This is an interesting read regardless if you know about this market or not.
Secrecy surrounding ‘zero-day exploits’ industry spurs calls for government oversight
This is an interesting read regardless if you know about this market or not.
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
"Drink all the booze, hack all the things."
-
limdis - Moderator
- Posts: 977
- Joined: Mon Jun 28, 2010 5:45 pm
- Blog: View Blog (0)
Re: Secrecy surrounding ‘zero-day exploits’ industry (cont)
by tremor77 on Wed Sep 05, 2012 11:25 am
([msg=69139]see Re: Secrecy surrounding ‘zero-day exploits’ industry (cont)[/msg])
Want to hear my conspiracy theory?
Many Zero-days are intentional and they are intentional from two origins.
1. Software Company A- intentionally creates a 0day in their program, at the behest of an intelligence agency. Eventually the exploit gets publicly revealed by someone in the ethical community, at which point company A makes a patch but takes no flack beyond that.
2. Software Company B's underpaid employee A- drops a 0day into a program with the intent on selling it for a bonus. Once the 0day breaks, Company B makes a patch, determines who is responsible, launches an investigation, contacts the FBI, who subsequently note that employee A has a lot more money now.
3. And sometimes it's just plain bad programming.
Many Zero-days are intentional and they are intentional from two origins.
1. Software Company A- intentionally creates a 0day in their program, at the behest of an intelligence agency. Eventually the exploit gets publicly revealed by someone in the ethical community, at which point company A makes a patch but takes no flack beyond that.
2. Software Company B's underpaid employee A- drops a 0day into a program with the intent on selling it for a bonus. Once the 0day breaks, Company B makes a patch, determines who is responsible, launches an investigation, contacts the FBI, who subsequently note that employee A has a lot more money now.
3. And sometimes it's just plain bad programming.
-
tremor77 - Moderator
- Posts: 780
- Joined: Wed Mar 31, 2010 12:00 pm
- Location: New York
- Blog: View Blog (0)
Re: Re: Secrecy surrounding ‘zero-day exploits’ industry (cont)
by WallShadow on Wed Sep 05, 2012 2:43 pm
([msg=69141]see Re: Re: Secrecy surrounding ‘zero-day exploits’ industry (cont)[/msg])
This article talks an awful lot about the government regulating the trade of 0days. The way I see it, this is a perfect opportunity for the government to just bag dozens of them for new version of stuxnet and stuff.
-
WallShadow - Contributor
- Posts: 535
- Joined: Tue Mar 06, 2012 9:37 pm
- Blog: View Blog (0)
3 posts • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 0 guests