Slashdot Mirror


Windows Zero-Day Affecting All OS Versions On Sale For $90,000 (softpedia.com)

An anonymous reader writes: "A hacker going by the handle BuggiCorp is selling a zero-day vulnerability affecting all Windows OS versions that can allow an attacker to elevate privileges for software processes to the highest level available in Windows, known as SYSTEM," writes Softpedia. The zero-day is up for sale on a Russian underground hacking forum, and is currently available for $90,000 -- after it was initially up for $95,000. The hacker is saying he'll sell the zero-day to one person only, who'll receive its source code and a working demo. Two videos are available, one showing the hacker exploit Windows 10 with the May 2016 security patch, and another one bypassing all EMET features. While security experts think the zero-day may be overpriced, they think the hacker will find a buyer regardless.

9 of 187 comments

  1. It's not overpriced by Anonymous Coward · · Score: 3, Insightful

    if someone will pay it.

    1. Re:It's not overpriced by Opportunist · · Score: 5, Insightful

      Isn't it heartwarming how quickly those Commies embraced Capitalism?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:It's not overpriced by JustAnotherOldGuy · · Score: 4, Insightful

      > I totally trust the guy when he says he only will sell it to one customer. Why would he want to sell it to many customers? To get more money? Never!

      Exactly. Russian hackers are known for their unfailing honesty and fair dealings in their business practices.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    3. Re:It's not overpriced by Falos · · Score: 4, Insightful

      Offering a $100 water bottle to someone dying in the desert is overpriced. You people are deliberately spreading this bullshit about "There's no such thing as 'overpriced' we can charge anything for anything".

      Using the imaginary property racket to monopolize a $500 pill is overpriced. Oops, someone found a functional reprint and is giving it away, now your angry shareholders are gonna have you black bagged.

    4. Re:It's not overpriced by sshir · · Score: 3, Insightful

      I'm not an economist, but still, I think you are wrong. By saying "$100 water bottle to someone dying in the desert" you are intentionally conflating water's utility in that particular situation with water's _marginal_ utility and cost. Who knows how that particular bottle ended up in the desert, might be that the seller is dying from thirst himself, etc.
      BTW, marginal utility (and marginal cost) of that vulnerability is exactly zero. Do you expect to get it for free?

      And a $500 pill might be an abuse of monopoly position, and might not be (e.g. massive R&D with small number of cases). And while government gives copyright protection it also has the power to rein in monopoly abuses. Blame your slow or corrupt or incompetent government for not slapping pharma's hand. Again - granted monopoly comes with price controls - pharma might self regulate if they wish but don't have to (they have shareholders to feed, risky R&D investments to make, etc).

  2. It is worth what somebody will pay for it by thue · · Score: 4, Insightful

    > While security experts think the zero-day may be overpriced, they think the hacker will find a buyer regardless.

    If they think there is a buyer who will pay $90,000 for it, then it is by definition not overpriced.

    1. Re:It is worth what somebody will pay for it by jo7hs2 · · Score: 3, Insightful

      Actually, EPA mileage estimates usually come out slightly *higher* for automatics now. Just saying.

    2. Re:It is worth what somebody will pay for it by Opportunist · · Score: 5, Insightful

      The problem is, most of the Joe Randomusers out there use their computer primarily as a toy.

      What Joe wants is to look at his Facebook, read his mail, chat with friends and play some games. And that's it. Yes, we up here in our beautiful ivory tower, we might have some lofty ideas what our computers should or should not do, but that matters little to the 99% of Joes out there. They don't care about spyware in their OS. They don't care about only being allowed to install software from the walled garden (because that's all THEY want). And they don't give a shit that we rant and rave against it.

      And neither do hardware makers. They care about sales numbers. If that means to offer locked down hardware that is to the liking of governments and corporations, they will offer locked down hardware. Not because they are "evil", because they hate free speech or because they don't want us to actually own the machines we pay for, but simply because that means more sales.

      So yes, if you want freedom, you have to cater to that Joe out there who wants to play with his toys. Because we are few and the Joes are many. So we need those Joes that want their toys in our boat to get the hardware (and software) makers to do what we want.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:It is worth what somebody will pay for it by clarkn0va · · Score: 3, Insightful

      > And if Microsoft themselves do not attempt to buy it, then they've shown how much they value their own product. Or the customer base. Or security in general.
      >
      > Of course, we knew the latter already...

      While I agree that MS cares nothing for security or their customers so long as they retain the ability to take people's money, there are good reasons for them not to pay this ransom. To do so would be to promote this type of black hat activity, and they have no substantial assurance that they will get what they paid for.

      --
      I am literally 3000 tokens away from the chaotic crossbow --Stephen