Slashdot Mirror

← Back to Stories (view on slashdot.org)

Zero-Day Vulnerabilities On the Market

Posted by CmdrTaco on from the not-as-good-as-my-negative-four-day dept.

An anonymous reader writes "Zero-day vulnerabilities have become prized possessions to attackers and defenders alike. As the recent China-Google attack demonstrated, they are the basis on which most of the successful attacks are crafted these days. There is an underground market growing around these vulnerabilities, but there are also 'white markets' — set up by VeriSign, TippingPoint, Google — where they buy zero-day flaws and alert the companies so that they can patch their products before the vulnerabilities can be taken advantage of."

10 of 94 comments (clear)

  1. Re:I'm surprised white markets aren't more common by adonoman · · Score: 2, Insightful

    It'd work great until a few farmers, who sold to the government instead of the local underground, wind up dead.

  2. ... you are sadly mistaken by thijsh · · Score: 4, Insightful

    You seem to be under the impression that the war (on drugs) has anything to do with logical reasoning...
    It's a great idea though, and I bet it will in fact work *and* be cheaper.

  3. Re:I'm surprised white markets aren't more common by L4t3r4lu5 · · Score: 4, Insightful

    Buying products other than opium, i.e. incentives to plant other crops would be better.

    On another point, don't you think the Taliban might be a little irritated by this and, ooooh I don't know, cut off some farmers heads? I hear they've been known to do that to make a point.

    --
    Finally had enough. Come see us over at https://soylentnews.org/
  4. Re:I'm surprised white markets aren't more common by swb · · Score: 3, Insightful

    We can incentivize the growing of other crops, too, but we should also be prepared to buy up the opium crop.

    The alternative is destroying the opium crop; this impoverishes the farmer further, destroys his livelihood and causes him to not just grow opium, but join the Taliban.

  5. Re:"Zero-day" is just noise by bsDaemon · · Score: 2, Insightful

    I always thought 0-day should refer to time between the software itself is releasedand an exploit is found. Frankly, that would make more sense and that's the type of vulnerability that would actually be somewhat impressive as well as potentially devastating. If a piece of software has been floating around for a few months and then an attack against it is announced, I assume that the vector has been exploited already without an announcement and am hardly surprised that a vulnerability has been found by that point in time.

  6. Re:I'm surprised white markets aren't more common by Yvanhoe · · Score: 4, Insightful

    The taliban are actually opposed to drugs production. While they were in power, the area of opium cultures fell down incredibely quick. It came back thanks to the war. The drugs lords are a faction different from the talibans.

    --
    The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
  7. Re:I'm surprised white markets aren't more common by Jenming · · Score: 2, Insightful

    I bet the Opium would still reach the consumer at comparable prices.

    The Opiate trade does not exist because of Afghanistan farmers or the Taliban, it exists because consumers really want Opiates.

    --
    Morpheus, God of Dreams.
  8. Re:I'm surprised white markets aren't more common by ratboy666 · · Score: 2, Insightful

    The Taliban sells heroin?

    Um... no. In July 2000, Mullah Omar ordered a ban on poppy cultivation. As far as I know, this hasn't been lifted. Other members of the Northern Alliance are responsible.

    I presume you are a US citizen; please know your enemy. The Taliban may be at war with the US, but they are even harder on drugs. It is about as conceivable as Pat Robertson selling heroin to fund Christian Outreach.

    --
    Just another "Cubible(sic) Joe" 2 17 3061
  9. Re:Be careful. by SeePage87 · · Score: 3, Insightful

    Maybe. The interesting thing is that the exploit is both the attack also what is needed to fix it. There's a credible threat that others may use the same exploit, not just the one who found it. A company who did this openly, whose founding documents declare they only sell software vulnerability information with the software's creator, whose NDAs included clauses that they will never share this information with others in to perpetuity regardless of the potential client's decision on whether to buy the information... I think they could develop a defensible case and eventually a trusted brand image. Just because a company sells fire insurance doesn't mean they're really threatening to commit arson.

  10. Re:I'm surprised white markets aren't more common by _Sprocket_ · · Score: 2, Insightful

    The taliban are actually opposed to drugs production. While they were in power, the area of opium cultures fell down incredibely quick. It came back thanks to the war. The drugs lords are a faction different from the talibans.

    Which is all nice and fine as long as the Taliban remains in control. But what happened after?

    There are reports that the Taliban are now involved in the drug trade again. Despite the use of this as obvious propaganda, it isn't that far fetched as the Taliban initially hadn't had a problem with opium since it was a drug for foreigners (hashish was another matter). Of course, it's also very likely that the Taliban is only one of many players in the increased trade. Narcotics is a major industry and quickly becomes prominent in any unstable environment. It becomes a vehicle for not only criminals and warlords but other traders in power to include intelligence agencies and legitimate businesses.