Hackers exploit security vulnerabilities in software for 10 months on average before details of the holes surface in public, according to a new study. Researchers from Symantec reckon that these zero-day attacks, so called because they are launched well before vendors are even aware of the vulnerabilities, are more prevalent and …
Well of course they do
If you disclose a security hole, you risk getting sued by the company; at best you get a tiny bit of reputation.
If you sell the security hole on the black market, you get real money.
Re: Well of course they do
I do wonder when companies will realize that it could be financially beneficial to offer good money for zero-day exploits.
Look a flying pig
"hackers" include Government agencies etc...
The .wmf vulnerability appears to have been left in Windows for ages... possibly deliberately, as it was so useful for agencies to exploit to get password-sniffing trojans installed on the computers of targets.
Time for change
All hackers should be hung by their thumbs for 4-6 months depending on the severity of their crime.
zero day exploits ?
Seems they are, on average, negative-312-day exploits to me.
Re: zero day exploits ?
Cannot upvote enough!
symantec self serving "information"
Here's the simple truth. Anti-viruses and ever-growing blacklists are anathema to security.
Symantec's whole business model of selling subscriptions for black-lists to corporations is based on the ignorance of millions.
If you really want security, ditch your fundamentally insecure infrastructure and blacklists. As a bonus, your computers will get much faster too. Indeed, "anti-virus" variants are the biggest viruses ever invented.
Re: symantec self serving "information"
"Anti-viruses and ever-growing blacklists are anathema to security. ... If you really want security, ditch your fundamentally insecure infrastructure and blacklists."
Essentially, your solution is to rely on security by obscurity and isolating all machines from any network connection. Is that it?
There's hackers, then there's crackers... then there's the people in the middle! Then there's Symantec
The scale of hats worn...
Whitehats --- software vendors or usually 'professionals' within the electronics security industry that usually do it for commercial or financial profit and get the "big credit".
Greyhats --- The people that research this stuff to find and create fixes for self purposes/non-commercial purposes or to 'rarely' alert software vendors/professionals of the blackhat's advances, usually absent of financial profit and at most risk for disclosure liability, but plenty of technical knowledge and usually not short of blackhat contacts or where to find such, yet do not pose any threat to man or dog, else they'd be a "blackhat".
Blackhats --- Of course usually crackers, who sit there trying to figure out how to break into systems, usually targeted attacks against particular infrastructures/applications which they "emulate", sometimes at the request for commercial or financial profit, and sometimes the means could be illegal.
I don't see what's new, complex or surprising about this. Have Symantec just woken up from the medieval ages, or just stumbled upon a lucky 'find' or 'treasure trail' which no doubt the blackhats would soon get wind of and disperse?
Yup... the result of "responsible" disclosure
There are certainly vulnerabilities where the blackhats simply know about a vulnerability WELL before anyone else. But, this is also the best reason NOT to follow the so-called "responsible" disclosure -- companies will SIT on a vulnerability, sometimes for years. In other words (other than the whitehat and someone or other at the company), the hackers know about the vuln while world+dog does not.
Re: Yup... the result of "responsible" disclosure
With most "responsible" disclosure, if the company does not fix the issue within good time (3-6 months?) they normally go public with it.
Leyla Bilge and Tudor Dumitras
Best. Names. Evarrr!
Can't wait for this crime-fighting duo to get their own TV series.
US government crooks?
As the US government are one of the best payers for zero-days, does that mean you are calling them crooks?
Re: US government crooks?
That's like saying the sky is blue.
Re: US government crooks?
.........And.......in related news......
"Pamela Geller: Darkness descending in England
Oct 27, 2012 11:53 am | Robert [- Spencer's Jihad Watch]
In "Darkness Descending in England" in the American Thinker, October 26, Pamela Geller details the British government's extra-legal persecution of those trying to defend England from jihad and Sharia: The arrest of over 53 people in the United Kingdom is the beginning of the end for once-great Britain. The leaders...
Re: US government crooks?
......may I add here that they [ Muslims already resident in our America] are very skillful at "lawfare" against anything in our America which these Muslims here already perceive to be potentially anti-Muslim......keep an eye on the progress for/against that mega-mosque planned in Middle Tennessee in anticipation of further Muslim growth there.....in our "Bible Belt"....
These Muslims are a burrowing, infiltrating formidable enemy....we Americans have yet to wake up to that fact.
It won't change until people stop being stupid shitheads.
The laws must change. Until those Middle Ages witch hunters punish hackers, it is easier to fuck things up than to fix!
I keep fixing vulnerable SOHO routers, but stupid people keep threatening me, writing to the police about me. People are stupid, degenerate shitheads, with Down syndrome. That is a fact.