Zero-Day Exploits – Hacking Without Mercy

Zero-day exploits allow skilled hackers to inflict serious damage on companies without leaving them any time to respond.

A hacker in his natural outfit

Two kinds of hackers

In computer science, a zero-day exploit targets a security vulnerability before the weakness becomes known to the public. There are two types of specialists who research system vulnerabilities. The first type is interested in fixing the loophole: they work closely with the developers and go by the names “ethical hackers”, “penetration testers” or “good guys”. The second type is interested in exploiting the system vulnerability; these Siths are generally referred to as “hackers”. They are easily recognizable, since they always wear a black hoodie and mask while operating their computer.

Zero-day

If the hackers are able to obtain knowledge of a vulnerability first, they can construct malware that targets it and make the code available to their community before the software developers know about it. The ‘vulnerability window’ refers to the time frame system developers have to patch a system after a vulnerability becomes known. In this case: zero days, hence the term.

Vulnerability timeline

Let’s have a look at the timeline of a zero-day attack.

  1. The software developers create software without being aware that it contains a vulnerability.

  2. A hacker discovers the vulnerability before anyone else.

  3. The attacker writes exploit code to target the vulnerability.

  4. After the exploit is released or used against a target, the developers learn about it and start working on a patch.

Once a patch is built and released, the exploit is not called a zero-day exploit anymore.
You see, timing matters. The hackers gain an advantage by obtaining information about the exploit before everyone else. When the developers find out, they have to choose wisely: do they announce it to caution everyone? It could be throwing the hackers a bone. Do they keep it a secret? It could lead to a news scandal and massive PR damage.

If mom only knew what's going down in her basement

Protecting your system

From a user’s perspective, zero-day attacks are difficult to prevent since the vulnerabilities are often found in generally trusted software. Antivirus and anti-malware software cannot protect you from malware that has never been seen before. However, a proper firewall can prevent the malware from executing nasty stuff on your PC. To mitigate risk, you should stay away from buggy software and download security updates whenever possible for the apps you use.

Any computer program is likely to contain errors or weaknesses that can be exploited. Some software has a notoriously bad security reputation and is the subject of an overwhelming number of exploits. Examples are Microsoft Windows, Microsoft Office, Skype and other popular applications. It makes sense, right? It’s efficient to write malware for systems that are used by the majority of people.

Here are some examples of recent zero-day exploits for further reading:
Adobe Flash Player Exploit
Microsoft Office Encapsulated PostScript

The case for free software


Mainstream propaganda argues that free (open-source) software is more vulnerable to exploitation because the source code is visible and accessible to anyone. The reality is quite different: because the code is visible to anyone, it gets reviewed far more often by volunteer developers than any proprietary counterpart, and a bug fix can be developed much faster. Furthermore, any technical reader can verify that there is no malicious intent hidden in the source code. Proprietary software is developed behind closed doors, without any pressure on the vendor to provide evidence of what its code does. Far too often these companies cannot resist the temptation to build in some backdoors to spy on their users – I talk more about this here. When a hacker discovers a new vulnerability in their secretive code, we can really feel the implications of these decisions.

Oh, here is a list of 493 vulnerabilities found in Windows 10.

I rest my case.


- Nick ( @cryptonik ) -
