As chapter 12 "Digital Underworld" of The Universal Machine explains, hackers come in three varieties: white hat hackers, these are the good guys who are employed by organisations to find vulnerabilities in their systems and software; black hat hackers, the bad guys who attempt to find vulnerabilities and exploit them for their own nefarious purposes; and grey hat hackers, who are not employed by companies to find vulnerabilities, but will sell the exploits for a fee. You could think of them like freelance white hats, who are not on a contract, but get a finders fee.
As a fascinating article in Forbes explains there is now a growing international market in zero-day exploits. When a hacker finds a security vulnerability in a piece of software, Internet Explorer for example, and a means of using that vulnerability, it's called an exploit. If the manufacturer of the software doesn't know of the exploit it's called a zero-day exploit (i.e. no days have passed since it's known about and presumably patched). Zero-day exploits are inherently valuable since bad people can do bad things with them and a company if it's aware of the exploit can patch the vulnerability before it's used and not receive bad PR. Here's a price list for zero-day exploits, from the Forbes article.
iOS exploits are the most valuable because of Apple's reputation for security, but conversely Mac OS X exploits are relatively cheap compared to Windows because fewer people use OS X, so an exploit might not be as useful. The Forbes article is well worth reading as it gives you an insight into the secretive and lucrative world of the hackers. Perhaps you should consider a new career?
No comments:
Post a Comment