Hackers get 10 MONTHS to pwn victims with 0-days before world+dog finds out

Hackers exploit security vulnerabilities in software for 10 months on average before details of the holes surface in public, according to a new study. Researchers from Symantec reckon that these zero-day attacks, so called because they are launched well before vendors are even aware of the vulnerabilities, are more prevalent …

COMMENTS

This topic is closed for new posts.
  1. Christian Berger

    Well of course they do

    If you disclose a security hole you risk getting sued by the company, at best you get a tiny bit of reputation.

    If you sell the security hole on the black market you get real money.

    1. I think so I am?
      Linux

      Re: Well of course they do

      I do wonder when companies will realize that it could be financially beneficial to offer good money for zero-day exploits.

      Look a flying pig

  2. Anonymous Coward

    "hackers" include Government agencies etc...

    The .wmf vulnerability appears to have been left in Windows for ages... possibly deliberately as it was so useful for agencies to exploit to get password sniffing trojans installed on the computers of targets.

  3. Anonymous Coward

    Time for change

    All hackers should be hung by their thumbs for 4-6 months depending on the severity of their crime.

  4. 0_Flybert_0
    Coat

    zero day exploits ?

    seems they are, on average, negative 312 day exploits to me

    outta here

    1. mr. deadlift
      Thumb Up

      Re: zero day exploits ?

      cannot upvote enough!

  5. elreg subscriber
    Linux

    symantec self serving "information"

    Here's the simple truth. Anti-viruses and ever-growing blacklists are anathema to security.

    Symantec's whole business model of selling subscriptions for blacklists to corporations is based on the ignorance of millions.

    If you really want security, ditch your fundamentally insecure infrastructure and blacklists. As a bonus, your computers will get much faster too. Indeed, "anti-virus" variants are the biggest viruses ever invented.

    1. Robert Helpmann??
      Childcatcher

      Re: symantec self serving "information"

      "Anti-viruses and ever-growing blacklists are anathema to security. ... If you really want security, ditch your fundamentally insecure infrastructure and blacklists."

      Essentially, your solution is to rely on security by obscurity and isolating all machines from any network connection. Is that it?

  6. koolholio
    FAIL

    There's hackers, then there's crackers... then there's the people in the middle! Then there's Symantec

    The scale of hats worn...

    Whitehats --- software vendors, or usually 'professionals' within the electronic security industry, who usually do it for commercial or financial profit and get the "big credit".

    Greyhats --- the people who research this stuff to find and create fixes for their own/non-commercial purposes, or 'rarely' to alert software vendors/professionals of the blackhats' advances; usually absent of financial profit and at most risk for disclosure liability, but with plenty of technical knowledge and usually not short of blackhat contacts or of knowing where to find such, yet posing no threat to man or dog, else they'd be a "blackhat".

    Blackhats --- of course usually crackers, who sit there trying to figure out how to break into systems, usually targeted attacks against particular infrastructures/applications which they "emulate", sometimes at request for commercial or financial profit, and sometimes the means could be illegal.

    I don't see what's new, complex or surprising about this? Have Symantec just woken up from the medieval ages, or just stumbled upon a lucky 'find' or 'treasure trail' which no doubt the blackhats would soon get wind of and disperse?

  7. Henry Wertz 1 Gold badge
    FAIL

    Yup... the result of "responsible" disclosure

    There are certainly vulnerabilities where the blackhats simply know about a vulnerability WELL before anyone else. But, this is also the best reason NOT to follow the so-called "responsible" disclosure -- companies will SIT on a vulnerability, sometimes for years. In other words (other than the whitehat and someone or other at the company), the hackers know about the vuln while world+dog does not.

    1. leexgx

      Re: Yup... the result of "responsible" disclosure

      with most "responsible" disclosure, if the company does not fix the issue within a reasonable time (3-6 months?), they normally go public with it

  8. Anonymous Coward

    Leyla Bilge and Tudor Dumitras

    Best. Names. Evarrr!

    Can't wait for this crime-fighting duo to get their own TV series.

  9. Confuciousmobil
    Trollface

    US government crooks?

    As the US government are one of the best payers for zero-days, does that mean you are calling them crooks!

    1. Anonymous Coward

      Re: US government crooks?

      That's like saying the sky is blue.

    2. FormerKowloonTonger
      Megaphone

      Re: US government crooks?

      .........And.......in related news......

      "Pamela Geller: Darkness descending in England

      Oct 27, 2012 11:53 am | Robert [- Spencer's Jihad Watch]

      In "Darkness Descending in England" in the American Thinker, October 26, Pamela Geller details the British government's extra-legal persecution of those trying to defend England from jihad and Sharia: The arrest of over 53 people in the United Kingdom is the beginning of the end for once-great Britain. The leaders...

      read more...."

      END Paste.

      1. FormerKowloonTonger
        Megaphone

        Re: US government crooks?

        ......may I add here that they [ Muslims already resident in our America] are very skillful at "lawfare" against anything in our America which these Muslims here already perceive to be potentially anti-Muslim......keep an eye on the progress for/against that mega-mosque planned in Middle Tennessee in anticipation of further Muslim growth there.....in our "Bible Belt"....

        These Muslims are a burrowing, infiltrating formidable enemy....we Americans have yet to wake up to that fact.

  10. Hckr

    It won't change until people stop being stupid shitheads.

    The laws must change. As long as those middle-age witch searchers punish hackers, it is easier to fuck things up than to fix them!

    I keep fixing vulnerable SOHO routers, but stupid people keep threatening me, writing to the police about me. People are stupid, degenerate shitheads, with Down syndrome. That is a fact.

  11. FormerKowloonTonger
    WTF?

    ........and, in directly related "Other News"......,

    pasted here from Robert Spencer's "Jihad Watch"......

    .......Pamela Geller: Darkness descending in England

    Oct 27, 2012 11:53 am | Robert

    In "Darkness Descending in England" in the American Thinker, October 26, Pamela Geller details the British government's extra-legal persecution of those trying to defend England from jihad and Sharia: The arrest of over 53 people in the United Kingdom is the beginning of the end for once-great Britain. The leaders..."

    End Paste.
