Gufodotto would like you to read these:

Tuesday, January 30, 2007

The new market of exploit and viruses

I think I've heard many times the comparison between our computers and an ecosystem, where multiple species (programs) compete for CPU-time and other resources. Computer program have their viruses, too, which spread at the expenses of other programs, exploiting their vulnerabilities. Some viruses hide within the program itself, some other burrow within the file that other softwares 'eat' - an image, for example, and are able to get executed and do their own business thanks to so-called 'exploit', code snippets which exemplify the way of attacking said program, of exploiting one of its known weaknesses. But the situation goes beyond this, now. This weaknesses and the expliouits are usually found, by chance or intentionally, by users which untilam few years ago would receive from software giants like M$ very little, may be a hand shake, in the worst of cases they would be threatened with a court action if they were to disclose them. I hated this way of doing...

Now however, security experts and 'hackers' have become clever, and instead of disclosing the newfound holes do put them up for auction, where they are often snatched not only by security firms interested in letting their clinets know about it. Sometimes, the buyer is a criminal 'firm' intersted in actually exploiting the hole to plant in your PC some nasty spyware, to steal your credit card number or such.


but hey, I really believe that this situation has been created by the hostility of big companies (M$ in primis) towards hackers. By doing so they've alienated their simpatyes, and by driving them in the underground they're facilitating this clandestine market of information.


anyway, the NY Times has an interesting piece about it.

No comments: