Secrecy surrounding ‘zero-day exploits’ industry (cont)

General technological topics without their own forum go here

Secrecy surrounding ‘zero-day exploits’ industry (cont)

Post by limdis on Sun Sep 02, 2012 8:53 pm
([msg=69099]see Secrecy surrounding ‘zero-day exploits’ industry (cont)[/msg])

The Washington Post:
Secrecy surrounding ‘zero-day exploits’ industry spurs calls for government oversight

This is an interesting read regardless if you know about this market or not. ;)
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
User avatar
limdis
Moderator
Moderator
 
Posts: 1358
Joined: Mon Jun 28, 2010 5:45 pm
Blog: View Blog (0)


Re: Secrecy surrounding ‘zero-day exploits’ industry (cont)

Post by tremor77 on Wed Sep 05, 2012 11:25 am
([msg=69139]see Re: Secrecy surrounding ‘zero-day exploits’ industry (cont)[/msg])

Want to hear my conspiracy theory?

Many Zero-days are intentional and they are intentional from two origins.

1. Software Company A- intentionally creates a 0day in their program, at the behest of an intelligence agency. Eventually the exploit gets publicly revealed by someone in the ethical community, at which point company A makes a patch but takes no flack beyond that.

2. Software Company B's underpaid employee A- drops a 0day into a program with the intent on selling it for a bonus. Once the 0day breaks, Company B makes a patch, determines who is responsible, launches an investigation, contacts the FBI, who subsequently note that employee A has a lot more money now.

3. And sometimes it's just plain bad programming.
Image
User avatar
tremor77
Contributor
Contributor
 
Posts: 870
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
Blog: View Blog (0)


Re: Re: Secrecy surrounding ‘zero-day exploits’ industry (cont)

Post by WallShadow on Wed Sep 05, 2012 2:43 pm
([msg=69141]see Re: Re: Secrecy surrounding ‘zero-day exploits’ industry (cont)[/msg])

This article talks an awful lot about the government regulating the trade of 0days. The way I see it, this is a perfect opportunity for the government to just bag dozens of them for new version of stuxnet and stuff.
User avatar
WallShadow
Contributor
Contributor
 
Posts: 594
Joined: Tue Mar 06, 2012 9:37 pm
Blog: View Blog (0)



Return to General

Who is online

Users browsing this forum: No registered users and 0 guests