Communications of the ACM
Google Attack Highlights 'zero-Day' Black Market
The recent hacking attack that prompted Google's threat to leave China is underscoring the heightened dangers of previously undisclosed computer security flaws — and renewing debate over buying and selling information about them on the black market.
Because no fix was available, the linchpin in the attack was one of the worst kinds of security holes. Criminals treasure these types of "zero-day" security vulnerabilities because they virtually guarantee the success of a shrewdly crafted attack.
Zero days refer to security vulnerabilities caused by programming errors that haven't been "patched," or fixed, by the products' developers. Such flaws can take months of full-time hacking to find. "Zero days are the safest for attackers to use, but they're also the hardest to find," says Ken Silva, chief technology officer of VeriSign Inc. "If it's not a zero day, it's not valuable at all."
From The Associated Press
View Full Article
No entries found