Improper Information Access: A Way to Make Some Money

November 24, 2015

I read “Zerodium Revealed Prices” (original is in Russian). the main point of the write up is that exploits or hacks are available for a price. Some of these are attacks which may not be documented by the white hat folks who monitor the exploit and malware suburbs connected to the information highway.

The paragraph I noted explained what Zerodium will pay for a fresh, juicy exploit.

image

Here’s the explanation. Please, recognize that Russian, unlike one of my relative’s language skills, is not my go to language:

For a remote control access exploit which intercepts the victim’s computer through Safari or Microsoft’s browser company is willing to pay $ 50 000. A more sophisticated “entry point” is considered Chrome: for the attack through Zerodium pays $ 80,000. Zerodium will pay $5,000 for a vulnerability in WordPress, Joomla and Drupal. Breaking the TorBrowser can earn the programmer about $30.000… A remote exploit bypassing the protection Android or Windows Phone, will bring its author a $100,000. A working exploit of iOS will earn the developer $500,000.

Zerodium explains itself this way:

Zerodium is a privately held and venture backed startup, founded by cybersecurity veterans with unparalleled experience in advanced vulnerability research and exploitation. We’ve created
Zerodium to build a global community of talented and independent security researchers working together to provide the most up-to-date source of cybersecurity research and capabilities.

The company’s logo is nifty too:

image

The purple OD emphasizes the zero day angle. Are exploits search and information access? Yep, they can be. Not advocating, just stating a fact.

Stephen E Arnold, November 24, 2015

Comments

Comments are closed.

  • Archives

  • Recent Posts

  • Meta