Why government cyber attacks hurt us

The most dangerous cracks in our computers, phones and tablets are called "Zero Day Exploits." These are vulnerabilities that were not discovered until they were found in the wild, already being used as exploits.

In the old model, hackers would find these exploits and sometimes win a prize. They would report the vulnerability to the vendor and give them a few months to fix it. Then they would make an announcement, get some glory, get speaking engagements and consulting contracts, and help make a safer world because these flaws were revealed and fixed. The new model is that they sell these exploits to government agencies or contractors for very large prices and never let the vendor know about them. Forbes recently published an article about this, including some prices for previously unknown exploits.

The scary part is that instead of being revealed and fixed, the vulnerabilities are hidden and exploited. Furthermore, this puts some frightening incentives in front of programmers who are writing software for Microsoft, Adobe, Apple or Oracle. If they put a backdoor into the software, an exploit that would be very hard to find, it could function as an insurance policy or pension fund should they ever lose their job. Won't some programmers be tempted by a six-digit payday? Our world keeps changing.

Bruce Schneier has written an article on this, and an article in Business Week also explores it. Finally, Forbes has interviews with some of the hackers. One quote from that article, regarding a vulnerability found in Google's Chrome: "We wouldn’t share this with Google for even $1 million," says Bekrar. "We don't want to give them any knowledge that can help them in fixing this exploit or other similar exploits. We want to keep this for our customers." Apparently, his company sells subscriptions for $100,000/yr., which give the subscriber the right to shop for items in its catalog of exploits.

Date: June 2012
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.