Slashdot Mirror


Windows Zero-Day Affecting All OS Versions On Sale For $90,000 (softpedia.com)

An anonymous reader writes: "A hacker going by the handle BuggiCorp is selling a zero-day vulnerability affecting all Windows OS versions that can allow an attacker to elevate privileges for software processes to the highest level available in Windows, known as SYSTEM," writes Softpedia. The zero-day is up for sale on a Russian underground hacking forum, and is currently available for $90,000 -- after it was initially up for $95,000. The hacker is saying he'll sell the zero-day to one person only, who'll receive its source code and a working demo. Two videos are available, one showing the hacker exploit Windows 10 with the May 2016 security patch, and another one bypassing all EMET features. While security experts think the zero-day may be overpriced, they think the hacker will find a buyer regardless.

10 of 187 comments

  1. It is worth what somebody will pay for it by thue · · Score: 4, Insightful

    > While security experts think the zero-day may be overpriced, they think the hacker will find a buyer regardless.

    If they think there is a buyer who will pay $90,000 for it, then it is by definition not overpriced.

    1. Re:It is worth what somebody will pay for it by Anonymous Coward · · Score: 5, Funny

      I got Windows 10, including all its vulnerabilities, for free. No way is anyone paying $90K for just one of them.

    2. Re:It is worth what somebody will pay for it by Dr_Barnowl · · Score: 4, Interesting

      Learning Linux is like learning to drive a stick shift.

      A few more skills, in exchange for more efficiency and better performance.

    3. Re:It is worth what somebody will pay for it by Opportunist · · Score: 5, Insightful

      The problem is, most of the Joe Randomusers out there use their computer primarily as a toy.

      What Joe wants is to look at his Facebook, read his mail, chat with friends and play some games. And that's it. Yes, we up here in our beautiful ivory tower, we might have some lofty ideas what our computers should or should not do, but that matters little to the 99% of Joes out there. They don't care about spyware in their OS. They don't care about only being allowed to install software from the walled garden (because that's all THEY want). And they don't give a shit that we rant and rave against it.

      And neither do hardware makers. They care about sales numbers. If that means offering locked-down hardware that is to the liking of governments and corporations, they will offer locked-down hardware. Not because they are "evil", because they hate free speech or because they don't want us to actually own the machines we pay for, but simply because that means more sales.

      So yes, if you want freedom, you have to cater to that Joe out there who wants to play with his toys. Because we are few and the Joes are many. So we need those Joes that want their toys in our boat to get the hardware (and software) makers to do what we want.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. Not overpriced at $90K by xxxJonBoyxxx · · Score: 5, Interesting

    >> While security experts think the ($90K) zero-day may be overpriced

    As a security expert and occasional entrepreneur, let me tell you why this isn't overpriced. Let's say you could deliver 10,000 phishing emails that lead to installation of $70/unlock ransomware screens, of which 50% of victims usually pay. That's $350K of revenue, minus costs of the initial phishing campaign ($5K-ish), bitcoin exchange fees (maybe $10K) and the $90K for your zero day. That leaves a profit of about $250K - not bad for a few days of work.

  3. Re:Its not over priced by Opportunist · · Score: 5, Insightful

    Isn't it heartwarming how quickly those Commies embraced Capitalism?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  4. Pfffft by JustAnotherOldGuy · · Score: 4, Funny

    That's nothing. I've got a zero-day bug called "Norton Anti-Virus" that pwns all versions of Windows and it's only $49.99.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  5. Re:Its not over priced by JustAnotherOldGuy · · Score: 4, Insightful

    I totally trust the guy when he says he only will sell it to one customer. Why would he want to sell it to many customers? To get more money? Never!

    Exactly. Russian hackers are known for their unfailing honesty and fair dealings in their business practices.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  6. Re:Its not over priced by Anonymous Coward · · Score: 4, Funny

    Thank goodness Western hackers only do it for God and country

  7. Re:Its not over priced by Falos · · Score: 4, Insightful

    Offering a $100 water bottle to someone dying in the desert is overpriced. You people are deliberately spreading this bullshit about "There's no such thing as 'overpriced' we can charge anything for anything".

    Using the imaginary property racket to monopolize a $500 pill is overpriced. Oops, someone found a functional reprint and is giving it away, now your angry shareholders are gonna have you black bagged.