Hackers get 10 MONTHS to pwn victims with 0-days before world+dog finds out

Hackers exploit security vulnerabilities in software for 10 months on average before details of the holes surface in public, according to a new study. Researchers from Symantec reckon that these zero-day attacks, so called because they are launched well before vendors are even aware of the vulnerabilities, are more prevalent and …

COMMENTS

This topic is closed for new posts.
Well of course they do

If you disclose a security hole you risk getting sued by the company, at best you get a tiny bit of reputation.

If you sell the security hole on the black market you get real money.

Re: Well of course they do

I do wonder when companies will realize that it could be financially beneficial to offer good money for Zero day exploits.

Look a flying pig

Anonymous Coward

"hackers" include Government agencies etc...

The .wmf vulnerability appears to have been left in Windows for ages... possibly deliberately as it was so useful for agencies to exploit to get password sniffing trojans installed on the computers of targets.

Anonymous Coward

Time for change

All hackers should be hung by their thumbs for 4-6 months depending on the severity of their crime.

zero day exploits ?

Seems they are, on average, negative 312-day exploits to me.

outta here

Re: zero day exploits ?

Cannot upvote enough!

symantec self serving "information"

Here's the simple truth. Anti-Viruses and ever growing black-lists are an anathema to security.

Symantec's whole business model of selling subscriptions for black-lists to corporations is based on the ignorance of millions.

If you really want security, ditch your fundamentally insecure infrastructure and black-lists. As a bonus, your computers will get much faster too. Indeed, "anti-virus" variants are the biggest viruses ever invented.

Re: symantec self serving "information"

"Anti-Viruses and ever growing black-lists are an anathema to security. ... If you really want security, ditch your fundamentally unsecure infrastructure and black-lists."

Essentially, your solution is to rely on security by obscurity and isolating all machines from any network connection. Is that it?

There's hackers, then there's crackers... then there's the people in the middle! Then there's Symantec

The scale of hats worn...

Whitehats --- software vendors or usually 'professionals' within the electronics security industry that usually do it for commercial or financial profit and get the "big credit".

Greyhats --- The people that research this stuff to find and create fixes for self purposes/non-commercial purposes or to 'rarely' alert software vendors/professionals of the blackhats' advances, usually absent of financial profit and at most risk for disclosure liability, but plenty of technical knowledge and usually not short of blackhat contacts or where to find such, yet do not pose any threat to man or dog, else they'd be a "blackhat".

Blackhats --- Of course usually crackers, who sit there trying to figure out how to break into systems, usually targeted attacks against particular infrastructures/applications which they "emulate", sometimes at the request for commercial or financial profit, and sometimes the means could be illegal.

I don't see what's new, complex or surprising about this. Have Symantec just woken up from the medieval ages or just stumbled upon a lucky 'find' or 'treasure trail' which no doubt the blackhats would soon get wind of and disperse?

Yup... the result of "responsible" disclosure

There are certainly vulnerabilities where the blackhats simply know about a vulnerability WELL before anyone else. But, this is also the best reason NOT to follow the so-called "responsible" disclosure -- companies will SIT on a vulnerability, sometimes for years. In other words (other than the whitehat and someone or other at the company), the hackers know about the vuln while world+dog does not.

Re: Yup... the result of "responsible" disclosure

With most "responsible" disclosure, if the company does not fix the issue within good time (3-6 months?) they normally go public with it.

Anonymous Coward

Leyla Bilge and Tudor Dumitras

Best. Names. Evarrr!

Can't wait for this crime-fighting duo to get their own TV series.

US government crooks?

As the US government are one of the best payers for zero-days, does that mean you are calling them crooks!

Anonymous Coward

Re: US government crooks?

That's like saying the sky is blue.

Re: US government crooks?

.........And.......in related news......

"Pamela Geller: Darkness descending in England

Oct 27, 2012 11:53 am | Robert [- Spencer's Jihad Watch]

In "Darkness Descending in England" in the American Thinker, October 26, Pamela Geller details the British government's extra-legal persecution of those trying to defend England from jihad and Sharia: The arrest of over 53 people in the United Kingdom is the beginning of the end for once-great Britain. The leaders...

read more...."

END Paste.

Re: US government crooks?

......may I add here that they [ Muslims already resident in our America] are very skillful at "lawfare" against anything in our America which these Muslims here already perceive to be potentially anti-Muslim......keep an eye on the progress for/against that mega-mosque planned in Middle Tennessee in anticipation of further Muslim growth there.....in our "Bible Belt"....

These Muslims are a burrowing, infiltrating formidable enemy....we Americans have yet to wake up to that fact.

It won't change until people stop being stupid shitheads.

The laws must change. Until those middle-age witch searchers punish hackers, it is easier to fuck things up than to fix!

I keep fixing vulnerable SOHO routers, but stupid people keep threatening me, writing to the police about me. People are stupid, degenerate shitheads, with Down syndrome. That is a fact.

........and, in directly related "Other News"......,

pasted here from Robert Spencer's "Jihad Watch"......

.......Pamela Geller: Darkness descending in England

Oct 27, 2012 11:53 am | Robert

In "Darkness Descending in England" in the American Thinker, October 26, Pamela Geller details the British government's extra-legal persecution of those trying to defend England from jihad and Sharia: The arrest of over 53 people in the United Kingdom is the beginning of the end for once-great Britain. The leaders..."

End Paste.
