Notoriety and Wassenaar
July 25, 2015 3:10 PM   Subscribe

 
In some ways I wish they had anonymized this. Fundamentally it is stolen information.

Not that I'm going to stop reading, mind you. It's fascinating.
posted by Tell Me No Lies at 3:38 PM on July 25, 2015


I'm surprised just how sophisticated and banal the 0-day market is. It's just like any other commodity market with buyers, sellers and brokers.

How are end users supposed to combat 0-days and other threats? Relying on tools like antivirus and firewall seems increasingly naive and dangerous.
posted by Foci for Analysis at 3:43 PM on July 25, 2015


How are these actually used? Do people go after specific high-value targets? Are they a way into big corporate networks? Or are people actually just spraying these around at random machines on the internet?
posted by vogon_poet at 3:58 PM on July 25, 2015


How are end users supposed to combat 0-days and other threats? Relying on tools like antivirus and firewall seems increasingly naive and dangerous.

New research: Comparing how security experts and non-experts stay safe online
posted by p3on at 4:02 PM on July 25, 2015 [1 favorite]


Do people go after specific high-value targets? Are they a way into big corporate networks? Or are people actually just spraying these around at random machines on the internet?

Yes. In some cases it's specifically targeted - the makers of Stuxnet used several different zero-days (I've heard it ballparked at ~half a million dollars' worth) to target Iranian nuclear systems. In other cases, they're just trying to infect as many computers as possible, generally to add them to botnets. Having access to botnets, for everything from spamming to DDOSing to attempting to crack high-value targets, is where the real money is.
posted by Itaxpica at 5:25 PM on July 25, 2015


Botnets are basically cloud services for the black market. (Or, possibly more correct historically, cloud services are like botnets for legitimate businesses.)
posted by kaibutsu at 6:10 PM on July 25, 2015 [8 favorites]


How are end users supposed to combat 0-days and other threats?

We could do a charity ala The Trust For Public Lands called The Trust For 0-day Exploits. Just buy 'em up as they come on the market.
posted by Tell Me No Lies at 6:15 PM on July 25, 2015 [2 favorites]


In fact if these things really are selling for $100,000 a pop I can think of a much better use for the DHS budget than another screener for my underwear.
posted by Tell Me No Lies at 6:16 PM on July 25, 2015 [6 favorites]


USG is already buying up 0-days.

This is not for your benefit.
posted by save alive nothing that breatheth at 6:40 PM on July 25, 2015 [9 favorites]


In some ways I wish they had anonymized this. Fundamentally it is stolen information

Not really too outraged by naked pictures of the people who make X-ray goggles.

Also, MS Paint exploit LOL
posted by RobotVoodooPower at 7:42 PM on July 25, 2015 [2 favorites]


Not really too outraged by naked pictures of the people who make X-ray goggles.

Yeah, but I try to pretend that I'm better than them.
posted by Tell Me No Lies at 10:20 PM on July 25, 2015


Adobe software is such shit, god damn.
posted by ryanrs at 3:54 AM on July 26, 2015 [1 favorite]


Took me a second to realize USG == US Government, not drywall maker USG.
posted by qcubed at 9:00 AM on July 26, 2015


« Older "This one goes out to all the bad, bad girls."   |   Under Bridges, Over Bridges Newer »


This thread has been archived and is closed to new comments