Headline, February09, 2014

''' OF Firecracke​rs

 -FIREWALLS​- and Fury '''

How hard the exploit  is to develop; the number of computers to which it provides access; and the value of those computers.

An exploit that can stealthily provide administrator privileges to a distant computer running Windows XP, a no-longer fashionable operating system, costs only about $40,000.

An exploit for  Internet Explorer, a popular browser, can cost as much as $500,000.

Software firms also buy exploits to identify and repair vulnerabilities in their products before others take advantage of them.

A small Vancouver firm called Tarsnap, for example, has paid 30 people who pointed out flaws in its encryption software for online PC backups.

To develop better defences for its clients computer systems. HP, an American giant, has spent more than $7m since 2005 buying hundreds of  ''zero days'' , as undiscovered exploits are also known in hacker slang.

Once discovered,  an exploit's days are numbered, literally: it become a ''one day'' , then a  ''two day'', and so on until the vulnerability it exploits is patched.

Such  ''big bounty''  schemes, however, will struggle to compete with buyers who want to exploit rather than seal vulnerabilities. Tarsnap's biggest payout was just $500. 

Last year Google offered Vupen, a French Firm, $60,000 for an exploit that burrowed into its Chrome browser.

Vupen's boss, Chaouki Bekrar, balked, noting that he could get more elsewhere.

Other reputable customers, such as Western Intelligence Agencies, often pay higher prices. Mr Lindelauf reckons that America's spies spend the most on exploits.

Vupen and other exploit vendors decline to name their clients. However, brisk sales are partly driven by demand from Defence Contractors that see  cyberspace as a  ''new battle domain''. says Matt Georgy:

Head of the technology at Endgame, a Maryland firm that sells most of its best exploits for between $100,000 and $200,000.

He laments a rise in sales by unscrupulous vendors to dangerous groups.

On March 12th the head of the Pentagon's Cyber Command, General Keith Alexander, warned the Senate Armed Services Committee: 

That state-sponsored groups are stepping up efforts to steal and destroy data using ''cybertools'' purchased in illicit online markets.

As an American military intelligence official points out, governments that buy exploits are  ''building the black market'' , thereby bankrolling dangerous R&D. 

For this reason, governments appear increasingly keen to develop exploits in-house.

Paulo Shakarian, a cyberwar expert at West Point, an American Military Academy, says one country for sure, is moving in that direction.

Developing exploits in-house reduces the risk that a double-dealing vendor will resell code meant to be exclusive. 

Even so, the trade isn't likely to fade away.

When developers work out a trick that gives them control over the targeted software, they like to yell out a celebratory screams ,''who's your daddy?'' notes Pierre Roberge, boss of Arc4dia,:

A Quebec firm that sells exploits to spy agencies.

Exploit trading will continue as long as people big money for the opportunity to utter the same joke  -this time at the expense of a victim who has been hacked.

And now back to the ASER survey that illuminates Education and its Infrastructure in Pakistan:

The functional toilets are available in 86.4% primary schools in Punjab, 56.7% in KP, 49.6% in Sindh, 40.7% in GB and 16.6% schools in Balochistan.

As high as 80.5% primary schools in Punjab have boundary-walls, as compared to 65.9% in KP, 63.2% in Sindh, 50.8% in GB and 24.7% primary schools in Balochistan.

With respectful dedication to the Students, Professors and Teachers of Germany. See Ya all on !WOW!  -the World Students Society Computers-Internet-Wireless:

''' Protecting Education Is Everyone's Honour '''

Good Night & God Bless!

SAM Daily Times - the Voice of the Voiceless


Post a Comment

Grace A Comment!