Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

US Navy buying day zero exploits for own use

  • 15-06-2015 2:14pm
    #1
    Registered Users, Registered Users 2 Posts: 86,729 ✭✭✭✭


    http://gizmodo.com/the-u-s-navy-wants-to-buy-zero-day-security-flaws-from-1711340651

    Basically if you find an exploit in say Android that lets you read people's photo galleries, you have a couple options: alert google to the security flaw, or, you can exploit it yourself. Or you could sell it to someone like the Russians or the Chinese, who have been characterized for their hacking - OR, you could go with the US Navy who is now advertising. Presumably you will go the latter, because America.


Comments

  • Registered Users, Registered Users 2 Posts: 28,789 ✭✭✭✭ScumLord


    The U.S. Navy Wants to Buy Zero-Day Security Flaws From You
    It's not as catchy as their last hit single.


  • Registered Users, Registered Users 2 Posts: 5,949 ✭✭✭A Primal Nut


    I don't think this is a CT, it's pretty much common knowledge and the mainstream media have reported on it before:

    http://in.reuters.com/article/2013/05/10/usa-cyberweapons-idINDEE9490AX20130510?type=economicNews

    Google, Facebook, etc will pay a certain amount if you reveal a zero day exploit in their software to them but it's quite small compared to how much the US military will pay for the same exploit. Sometimes the software providers don't acknowledge the hacker who revealed the vulnerability or use any excuse not to pay. In the case of Microsoft they won't pay anything. So the software providers are shooting themselves in the foot over what should be a priority for them.

    I think I also read recently that legally the NSA are supposed to report any zero day vulnerabilities that they find, but as always there is a vague exception when there is "urgent National Security requirements".


  • Registered Users, Registered Users 2 Posts: 3,831 ✭✭✭Torakx


    If Google and Facebook are joined or spawned from the CIA or NSA, who are already tied in well with military as well I'm sure, then it sounds like it's a win win either way.


  • Registered Users, Registered Users 2 Posts: 28,789 ✭✭✭✭ScumLord


    Google, Facebook, etc will pay a certain amount if you reveal a zero day exploit in their software to them but it's quite small compared to how much the US military will pay for the same exploit.
    The difference would be that google or facebook want to know about the exploits so they can close them for the safety of their users. The US Navy want to find out about them so they can use the exploits against other people or organisations.


Advertisement