Slashdot Mirror

← Back to Stories (view on slashdot.org)

Zero-Day Vulnerabilities On the Market

Posted by CmdrTaco on from the not-as-good-as-my-negative-four-day dept.

An anonymous reader writes "Zero-day vulnerabilities have become prized possessions to attackers and defenders alike. As the recent China-Google attack demonstrated, they are the basis on which most of the successful attacks are crafted these days. There is an underground market growing around these vulnerabilities, but there are also 'white markets' — set up by VeriSign, TippingPoint, Google — where they buy zero-day flaws and alert the companies so that they can patch their products before the vulnerabilities can be taken advantage of."

3 of 94 comments (clear)

  1. Re:I'm surprised white markets aren't more common by bluesatin · · Score: 3, Informative

    I think it would be a grand strategy in Afghanistan -- build goodwill with farmers through buying their crop at prices better than the Taliban is offering, denying the Taliban a source of income through trafficking and probably having a significant supply reduction in the global heroin market.

    This would probably cause a knock-on effect of increasing production in the area, due to the fact that you will be increasing the profits for the poppy growers, and perhaps also encouraging people to start poppy farming; selling to US troops is probably a hell of a lot less scary than selling to the Taliban.

  2. Re:I'm surprised white markets aren't more common by Ltap · · Score: 4, Informative

    You're right. The drug-growing problem in Afghanistan is two-fold: very little will grow there other than desert plants. Opium grows there and is extremely profitable to grow, so if they were to try and grow other crops, they would probably not be sustainable without more infrastructure (such as an irrigation network to grow crops that need more ground water). There have been attempts to cultivate some local plants to extract oils for use in beauty products, but it's a niche market and only a small amount of farmers can do it without over-saturating the market. A crop that would grow in Afghanistan, is in demand, and is rare enough to warrant transportation costs to the rest of the world is the ideal crop, and right now that is opium. Until there is a viable alternative, that is what farmers will grow.

    --
    Yet Another Tech Blog
    (but so much more, including game and movie reviews)
    http://yanteb.peasantoid.org
  3. Re:"Zero-day" is just noise by chill · · Score: 3, Informative

    0-day means there is no patch available, as opposed to vulns that come out after patches are issued and you could possibly upgrade your system to being secure.

    Anything that is patched, but you haven't bothered to update your system and are thus vulnerable to, isn't a 0-day.

    --
    Learning HOW to think is more important than learning WHAT to think.