Zero-Days Doubled In 2015, More Companies Hiding Breach Data, Says Symantec (csoonline.com)
Reader itwbennett writes: According to a new report by security firm Symantec, 54 zero-day vulnerabilities were discovered in 2015, more than twice as many as in 2014, and the number of breaches -- 10 million records -- also hit a record high. Driving this is a new professionalism in the market. "People figured out that they could make money by finding zero-day vulnerabilities and selling them to attackers," said Kevin Haley, director of security response at Symantec. "So there became a marketplace, and these things started to have value, and people started to hunt for them." At the same time, 2015 saw another disturbing trend: The number of companies choosing not to report the number of records they have lost rose by 85 percent (from 61 in 2014 to 113 in 2015). "More and more companies aren't actually revealing what was breached," said Haley. "They will say attackers came and stole from us, but not saying how many records were lost."
The dog ate it...
Dear Microlimp: I give you 2 valid product keys for win7 and you reject both of them. Piss off you wankers!!!
Deter criminals? You mean like how the death penalty has stopped anyone from ever murdering again? oh wait.......
The number of zero-day exploits should be trending down, not up.
Supposedly software and development tools are becoming more mature and programmers are gaining more experience (ostensibly reducing the amount of code that's susceptible to zero-day exploits), but this is obviously not the case.
As for prevention via the law, I doubt any penalty could or would be severe enough to dissuade anyone from using a zero-day exploit they found or bought, so I don't think a legal solution (i.e. prosecution, jail time, etc) is ever going to work.
I doubt even the threat of the death penalty would do it, because most people who commit crimes don't think they're going to be caught.
Just cruising through this digital world at 33 1/3 rpm...
> You mean like how the death penalty has stopped anyone from ever murdering again?
Yep, that's the thing...most people who commit crimes don't think they're going to be caught. Dire consequences like the death penalty don't seem to deter people, even from premeditated murder, which you would think would be the kind of murder that people would be prevented from committing.
(Or, maybe it does in some cases, but we don't hear about murders that weren't committed because of the law. How would we know?)
But yeah, in general it doesn't seem to be much of a deterrent.
Just cruising through this digital world at 33 1/3 rpm...
Coming from a company known for, and having a long, colorful, illustrious history of rolling out notoriously insecure products. The number one spot belongs to all versions of Windows and Outbreak Express. Just saying.
Severe punishment is not a deterrent.
Knowledge that one will almost certainly be caught is a deterrent.
Getting caught is only half of it. They must face punishment and quickly. Word spreads among the criminal community and that is a deterrent. Dead people tell no tales, and they don't serve as a warning.
Every so often I see on one of those news programs where they go into a prison and talk to people on death row and/or serving life in prison. I wondered why they did this. It was only fairly recently I realized this. People don't see prisons, they don't see prisoners. I'm a rare person that has worked inside a prison with convicted felons and not have committed a felony myself. (I am a contracted state employee, I work on the computers the prisoners use.)
People need to know that people do get punished for breaking the law. We also need to know what those conditions are. We need to know both that they are treated well enough and that it's still not a pleasant place to be.
All too often criminals will get caught but there is not enough prison space for them. What happens then is that petty criminals keep up with their petty crimes because they never see the inside of a prison. They get probation after probation. It's only when they cross a certain line that they get confinement. We can thank the "war on some drugs" and mandatory minimums for much of this.
In my mind no prison sentence should exceed five years for a single crime. Getting 15 years in prison for having a couple doobies in a pocket is insane, first because marijuana possession should not be a crime, and second because people convicted of aggravated assault might get only 10 years.
One argument against a five year maximum is that some people just need to go away for a long time. Okay, then charge them with multiple crimes. It's not like we don't have enough crimes on the books to find something. I remember a guy that broke into a house, tied up the family, raped the women, and then set the house on fire. Only the father survived by tearing through his restraints enough to crawl out of the burning house. So let's add that up, five counts unlawful imprisonment, four counts murder in the first, one count attempted murder, two counts rape, one count arson. If convicted on all crimes that thug is effectively getting a life sentence.
Prison also needs to be an unpleasant experience. They should not get to see sports on TV. They can read it in the newspaper. If they behave themselves then they can listen to it on the radio. They need to learn a trade and have a job by the time they get out. I think that by giving the incentive of getting out early they'd at least try to learn and find a job.
People speed and 99 times out of 100 they don't get caught.
That brings to mind another thing. Don't punish released criminals for trying to protect themselves and their families. By that I mean this prohibition on convicted felons from possessing firearms is cruel and unusual in my mind. It is also why I believe that there are so many criminals returning to prison. Certainly some criminals possess firearms to return to crime but if one is truly reformed in prison then we should allow them to own a shotgun to go hunt with their children. If they are no longer a threat to the point that we can release them from confinement then we can allow them to keep a pistol on the nightstand while they sleep in their crappy apartment.
Tell me which is worse, getting caught armed by the police and doing another ten years in prison or getting caught unarmed by a home invader and ending up dead? This is precisely the dilemma the Second Amendment was created to avoid.
I am armed because I am free. I am free because I am armed.
It seems to be in the interest of the general good that companies be legally compelled to disclose when they have been breached as well as the extent of the breach. If nothing else, this will enhance the "Free Market" by driving people away from companies that are irresponsible.
Therefore, I predict a number of marionettes-err-congress critters-err-politicians will be against this idea.
Anons need not reply. Questions end with a question mark.
> A lot of these Mature Programmers are used to making applications based on Local systems access ...
> Also most of these apps are based on Older Code sets, Taking a PC App and just changing the UI to be Web Based.
Yep, many programmers are reasonably competent for desktop programming, where the user is trying to make the program work correctly. They are trained in and don't think with the mindset that "users" are attacking the software daily, trying to find ways to make it fail. Because Windows is the most popular desktop of all time, there are an especially high number of experienced Windows programmers who habitually think with a desktop-like mindset, not an adversarial mindset where the user is an attacker.
This goes along with the problems of teaching everyone to code just a little bit. They know enough that they can make it mostly work, most of the time. Thinking about how it can be forced to not work correctly, how it responds to invalid and malicious input, is an entirely different level.
We're also lacking in tools and libraries which have been formerly proven safe, but the mindset of programmers and their managers is the biggest thing. If every line of code is looked at with an eye toward "how could this go wrong" we'd have MUCH more reliable software. If it works reliably even when being attacked, think about how well it will work when you're not attacking it!
1) is bullshit. Heat of "passion" is a crap of excuse. I once saw a dude beating up his girlfriend. I stopped my car, got out and got in between them. He said she made him mad and that is why he was beating her up. I pushed him really hard and asked him if that made him mad. He said yes. I said why aren't you hitting me? It was because I was 9 inches taller and about 70 lbs of muscle more than him. People CAN control their passions, they just choose not to when there is no danger to them. It is also why I am a big defender of 2nd Amendment. Passions change when you're staring down the barrel of a Glock.
2) Premeditated murder comes at a cost. If that cost actually was "death", there would be some incentive to not ever go through with it. And quite frankly, even if we don't have that exact number, it is greater than 0, and that is a deterrent.
3) Altered states is like driving drunk IMHO. You didn't mean to, but you didn't mean not to as well. I have no sympathy for people here. (excluding Mental Illness)
4) Accidents, by definition, aren't murder.
And you conveniently forget the murderers who commit additional murders once released. Death Penalty would definitely prevent (not deter) those.
Finally, you totally ignore self preservation as a motivation for anything. Which is why your viewpoint is completely wrong. At least my view is principled, I oppose the death penalty on practical grounds, there are way too many ways our systems fail. My view is pragmatic and you are unable to sway my opinion with unprovable claims of deterrence and prevention (either which way).
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.