Welcome to the Malware-Industrial Complex

[InfoSec News <alerts () infosecnews org>]

http://www.technologyreview.com/news/507971/welcome-to-the-malware-industrial-complex/

By Tom Simonite
MIT Technology Review
February 13, 2013

Every summer, computer security experts get together in Las Vegas for Black Hat 
and DEFCON, conferences that have earned notoriety for presentations 
demonstrating critical security holes discovered in widely used software. But 
while the conferences continue to draw big crowds, regular attendees say the 
bugs unveiled haven’t been quite so dramatic in recent years.

One reason is that a freshly discovered weakness in a popular piece of 
software, known in the trade as a “zero-day” vulnerability because the software 
makers have had no time to develop a fix, can be cashed in for much more than a 
reputation boost and some free drinks at the bar. Information about such flaws 
can command prices in the hundreds of thousands of dollars from defense 
contractors, security agencies and governments.

This trade in zero-day exploits is poorly documented, but it is perhaps the 
most visible part of a new industry that in the years to come is likely to 
swallow growing portions of the U.S. national defense budget, reshape 
international relations, and perhaps make the Web less safe for everyone.

Zero-day exploits are valuable because they can be used to sneak software onto 
a computer system without detection by conventional computer security measures, 
such as antivirus packages or firewalls. Criminals might do that to intercept 
credit card numbers. An intelligence agency or military force might steal 
diplomatic communications or even shut down a power plant.

[...]

______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org