My apologies for not posting a new blog entry in such a long time. A busy work schedule, business trips and the holidays thrown in for good measure prevented me from paying as much attention to the blog as I should have.
Well, we are one month into the new year now. Worms and viruses keep coming at us. One vulnerability, which was discussed in great length in recent weeks was the so-called WMF (Windows Meta File) flaw. Merely by visiting a compromised web-site, a user's PC could already be infected.
Interestingly, in September of last year I wrote an article about the possibility of an emerging black-market for vulnerabilities. The idea is that certain individuals are willing to pay money to get their hands on exploits, which allow them to compromise more machines. These machines can then be used for lucrative businesses, such as spam, p0rn hosting, DDoS attacks, click-fraud, etc.
Today eWeek reported that the WMF exploit was available for money, in exactly this black-market for vulnerabilities, weeks before security researchers even knew about it. For $4000 the exploit was offered in the middle of December last year by Russian hacker groups. Here is an interesting quote from the article:
There are dozens of these sites with hackers offering zero-day code for sale all the time. They even have a mechanism to test the code to make sure it is legitimate and will get past anti-virus software.
The lesson we can learn from this is: Zero-day attacks will remain a threat to our network and computer security. Therefore, we will continue to see attacks that manage to evade signature based security solutions.
Juergen
Do companies like Esphion participate in this black market as a sales generation strategy, or purchase these vulnerabilities for testing purposes?
Posted by: Scott Overmyer | August 25, 2006 at 12:38 AM
Hi all. Reality is that which, when you stop believing in it, doesn't go away. Help me! Help to find sites on the: Penny stock picking. I found only this - swing trading stock pick. Iceman stock picks, to wrestle for this, short complete or irrational programs after the hedge candidate must be structured for. A large fibre includes of at least three piles of the significant exposure, 09 stock picks. Waiting for a reply :cool:, Lizina from Ethiopia.
Posted by: Lizina | August 29, 2009 at 06:58 AM
Thanks for your good and attractive blog. It is very much appreciated.
Posted by: Penny Stocks | February 23, 2010 at 07:51 PM
This is very beauty article, I like it, thank you!To the word you may be one person, but to one person you may be the world.
Posted by: Authentic Pandora | May 31, 2011 at 08:48 PM
nice...!
Posted by: rohini | July 10, 2011 at 11:22 PM
Ok that's a good reason for not blogging. I am frreakiiiiing! michael and michael = heaven. Has the show been picked up? or are you guys doing the pilot? Shet we need more info about your show!!
Posted by: moncler outlet | September 23, 2011 at 07:24 PM
I agree with you. This post is truly inspiring. I love all your articles and share with usthe latest, very rich, I would like to bookmark the page so that I can come here again to see you, you have done a wonderful job
Posted by: canada goose coat | October 15, 2011 at 06:40 PM
http://www.northface4sale.org My apologies for not posting a new blog entry in such a long time. A busy work schedule, business trips
Posted by: cheap north face | October 24, 2011 at 09:45 PM
This is a very popular brand of products accepted by the public and welcome!
Posted by: Marc Jacobs bags | December 06, 2011 at 08:10 PM