Business is Booming in the 'Zero-Day' Game

HonorPoncaCityDotCom (2980655) writes | about 9 months ago


HonorPoncaCityDotCom (2980655) writes "Want to be a millionaire? Forget about writing the next killer Android app as Nicole Perlroth and David E. Sanger write in the NY Times that all over the world, from South Africa to South Korea, business is booming in “zero days,” the coding flaws in software like Microsoft Windows that can give a buyer unfettered access to a computer. The average attack persists for almost a year — 312 days — before it is detected, according to Symantec, the maker of antivirus software. Until then it can be exploited or “weaponized” by both criminals and governments to spy on, steal from or attack their target. Ten years ago, hackers would hand knowledge of such flaws to Microsoft and Google free in exchange for a T-shirt but increasingly the market for 0-day exploits has begun to migrate into the commercial space (PDF) as the market for information about computer vulnerabilities has turned into a gold rush. Companies like Vupen charge customers an annual $100,000 subscription fee to shop through its catalog, and then charge per sale to countries who want to use the flaws in pursuit of the kind of success that the United States and Israel achieved three summers ago when they attacked Iran’s nuclear enrichment program with a computer worm that became known as “Stuxnet.” Israel, Britain, Russia, India and Brazil are some of the biggest spenders but North Korea is also in the market, as are some Middle Eastern intelligence services. "If someone comes to you with a bug that could affect millions of devices and says, ‘You would be the only one to have this if you pay my fee,’ there will always be someone inclined to pay it," says Howard Schmidt, a former White House cybersecurity coordinator. “Unfortunately, dancing with the devil in cyberspace has been pretty common.”"
