Hey frenzz...
In continuation of the history of the company Vupen, which sells high-exploit clients - Western intelligence agencies, governments, security agencies, Forbes magazine published a fairly detailed price list for exploits 0day, including Adobe Reader, Mac OSX, Android, Flash or Java plugins for the browser , Microsoft Word, Windows, browsers Firefox, Safari, Chrome and IE, and exploits the most expensive - for iOS.
The plate was derived from conversations with experts who are involved in this business. Although it is legally, many professionals prefer to remain anonymous. Brokers exploit that openly give interviews as Grugq, - a rare case. Nevertheless, there are several companies that have a certain reputation as a serious brokers: it Vupen, Endgame, and Netragard.
The prices listed in the table are on the black market. It is easy to see that they are much higher than the amounts that are paid as a reward for the found vulnerability of Mozilla, Google, Microsoft and others. Moreover, some companies like Apple does not pay for the discovered vulnerabilities, so that professionals have to either disclose information on any of the conference on security and deserve universal respect for, or report it through a third-party software HP Zero Day and get a reward of up to ten thousand dollars. But on the black market, as already stated, the prices are much higher. In the case of rare vulnerability iOS difference can be tenfold.
The above Grugq broker said in an interview with Forbes, which last month sold the exploit for iOS customers from the U.S. government agency for $ 250,000. The broker does not specify exactly what the organization has bought an exploit, and who was the supplier, but said it was probably a bad bargain in the deal because "the client was very pleased."
Buyers are not just government agencies. For example, Netragard, which is also engaged in buying and selling exploits, browser exploits recently sold for $ 125,000 to a private company that was going to use it to experiment for marketing purposes. Founder Netragard has been in business for about ten years and says that last year the market was a real burst of activity. If before they were selling exploits of 4-6 per month, but now it is easy to sell at 12-14.
In continuation of the history of the company Vupen, which sells high-exploit clients - Western intelligence agencies, governments, security agencies, Forbes magazine published a fairly detailed price list for exploits 0day, including Adobe Reader, Mac OSX, Android, Flash or Java plugins for the browser , Microsoft Word, Windows, browsers Firefox, Safari, Chrome and IE, and exploits the most expensive - for iOS.
The prices listed in the table are on the black market. It is easy to see that they are much higher than the amounts that are paid as a reward for the found vulnerability of Mozilla, Google, Microsoft and others. Moreover, some companies like Apple does not pay for the discovered vulnerabilities, so that professionals have to either disclose information on any of the conference on security and deserve universal respect for, or report it through a third-party software HP Zero Day and get a reward of up to ten thousand dollars. But on the black market, as already stated, the prices are much higher. In the case of rare vulnerability iOS difference can be tenfold.
The above Grugq broker said in an interview with Forbes, which last month sold the exploit for iOS customers from the U.S. government agency for $ 250,000. The broker does not specify exactly what the organization has bought an exploit, and who was the supplier, but said it was probably a bad bargain in the deal because "the client was very pleased."
Buyers are not just government agencies. For example, Netragard, which is also engaged in buying and selling exploits, browser exploits recently sold for $ 125,000 to a private company that was going to use it to experiment for marketing purposes. Founder Netragard has been in business for about ten years and says that last year the market was a real burst of activity. If before they were selling exploits of 4-6 per month, but now it is easy to sell at 12-14.
0 comments:
Post a Comment