Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

US Navy buying day zero exploits for own use

Options
  • 15-06-2015 3:14pm
    #1
    Overheal
    Registered Users Posts: 82,083 ✭✭✭✭


    http://gizmodo.com/the-u-s-navy-wants-to-buy-zero-day-security-flaws-from-1711340651

    Basically if you find an exploit in say Android that lets you read people's photo galleries, you have a couple options: alert google to the security flaw, or, you can exploit it yourself. Or you could sell it to someone like the Russians or the Chinese, who have been characterized for their hacking - OR, you could go with the US Navy who is now advertising. Presumably you will go the latter, because America.


Comments

  • Options
    #2
    ScumLord
    Registered Users Posts: 28,789 ✭✭✭✭ScumLord


    The U.S. Navy Wants to Buy Zero-Day Security Flaws From You
    It's not as catchy as their last hit single.


  • Options
    #3
    A Primal Nut
    Registered Users Posts: 5,949 ✭✭✭A Primal Nut


    I don't think this is a CT, it's pretty much common knowledge and the mainstream media have reported on it before:

    http://in.reuters.com/article/2013/05/10/usa-cyberweapons-idINDEE9490AX20130510?type=economicNews

    Google, Facebook, etc will pay a certain amount if you reveal a zero day exploit in their software to them but it's quite small compared to how much the US military will pay for the same exploit. Sometimes the software providers don't acknowledge the hacker who revealed the vulnerability or use any excuse not to pay. In the case of Microsoft they won't pay anything. So the software providers are shooting themselves in the foot over what should be a priority for them.

    I think I also read recently that legally the NSA are supposed to report any zero day vulnerabilities that they find, but as always there is a vague exception when there is "urgent National Security requirements".


  • Options
    #4
    Torakx
    Registered Users Posts: 3,831 ✭✭✭Torakx


    If Google and Facebook are joined or spawned from the CIA or NSA, who are already tied in well with military as well I'm sure, then it sounds like it's a win win either way.


  • Options
    #5
    ScumLord
    Registered Users Posts: 28,789 ✭✭✭✭ScumLord


    A Primal Nut wrote: »
    Google, Facebook, etc will pay a certain amount if you reveal a zero day exploit in their software to them but it's quite small compared to how much the US military will pay for the same exploit.
    The difference would be that google or facebook want to know about the exploits so they can close them for the safety of their users. The US Navy want to find out about them so they can use the exploits against other people or organisations.


Advertisement