Delays Lead To Zero Day Vulnerability

Democracy, the elusive political system, got a lift from Twitter’s founder, Evan Williams. As we shared earlier this week, before Google’s recent refusal to abide by China’s censorship rules, CCTV’s Tian Wei reminded everyone that Google had courted China and vowed to keep within its rules and firewalls before launching there. The Twitter founder says the company has an advantage in evading government censors because it operates as a network of internet and mobile applications rather than as a single website. "Twitter is a network that is accessed in thousands of ways."

Feeling Vulnerable?

According to the FT.com piece, Twitter, Facebook, LinkedIn and MySpace brass at Davos were "challenged" to debate censorship. Evan’s comments didn’t get into specifics about the "interesting hacks" he planned on using to get around the demands of countries like China and Iran, but he said, "the most productive way to fight that is not by trying to engage China and other governments whose very being is against what we are about. I am hopeful there are technological ways around these barriers."

All of a sudden, the geeks of the tech world are gathering to take on countries with human rights problems, countries we thought we were courting for financial and trade support. Yet I still can’t get a single politician who is running for office here in California to comment on these activities.

Google’s problems, however, look more and more like they originated because of "previously undisclosed computer security flaws — and renewing debate over buying and selling information about them in the black market." "The attackers waltzed into victims’ computers, like burglars with a key to the back door, by exploiting such a zero-day vulnerability in Microsoft’s Internet Explorer browser."

"How did the perpetrators learn about the flaw? Most likely, they merely had to tap a thriving underground market, where a hole 'wide enough to drive a truck through' can command hundreds of thousands of dollars, said Ken Silva, chief technology officer of VeriSign." The fee, "maybe $40,000 on the black market," says Pedram Amini, manager of the Zero Day Initiative at the security firm TippingPoint.

"Zero day" refers to security vulnerabilities caused by programming errors that haven’t been "patched," or fixed, by the products’ developers. Often those companies don’t know the weaknesses exist and have had zero days to work on closing the holes. Mr. Softy had known about the problem since last September, and planned to fix it next month. That’s not unusual, as programmers are routinely scheduled far in advance, especially with ongoing issues.


The big problem comes now that zero-day openings are easily found and purchased. The government and software leaders are all in the market for buying zero-day openings: "VeriSign’s iDefense Labs and 3Com’s TippingPoint division run programs that buy zero-day vulnerabilities from researchers in the so-called 'white market.' They alert the affected companies without publicly disclosing the flaw and use the information to get a jump on rivals on building protections into their security products."

Still looking for anything you can share on California’s upcoming Governor and Senate races. Still can’t get a comment from any of the lead candidates or incumbents. Let us know if you find anything on these topics please. Hawk@nethawk.net
