Vista Insecurity for Sale?
eWeek has an article on the alleged sale of MS Windows Vista Zero-Day Exploits. Of course, these are unconfirmed reports but at the prices that are being quoted looks like this is a triving underground industry.
Underground hackers are hawking zero-day exploits for Microsoft’s new Windows Vista operating system at $50,000 a pop, according to computer security researchers at Trend Micro. The Windows Vista exploit—which has not been independently verified—was just one of many zero-days available for sale at an auction-style marketplace infiltrated by the Tokyo-based anti-virus vendor.
In an interview with eWEEK, Trend Micro’s chief technology officer, Raimund Genes, said prices for exploits for unpatched code execution flaws are in the $20,000 to $30,000 range, depending on the popularity of the software and the reliability of the attack code.
Of course, it is not very difficult to imagine what people would like to buy these exploits for. These folk could buy these exploits and release trojans and bots to hijack these new MS Windows Vista PCs for their no good purposes. This because a “real” problem. The confirmation of the existence of an underground market for these exploits should be enough to wake-up software developers on the “importance” of information security. Security must be default and is non-negotiable.
PS. This is in addition to other Vista problems that include its inability to run MS SQL Server and a new consumer launch delay.
December 17th, 2006 at 11:24 am
Wheew! I thought there was really another consumer launch delay. Good thing it’s still the Jan 30 launch next year. I’m expecting better drivers for my hardware by then, and having another delay would just prolong my agony.
December 17th, 2006 at 1:27 pm
Ah yes, Vista is more agony today just for the eye candy. Most of the folk I know are waiting for better reasons to move.
Then again… Eye candy is typically enough reason.