Vupen brags about Windows 8 hack

Not sure if this has been posted yet. Sorry if it has.

Article

 

Wow. That is disgusting.

 

And the cycle starts anew. On the subject of Vupen, I just can't get behind non-disclosure for profit.

 

Well, full disclosure doesn't strike me as so good either. But this is ridiculous - it's basically blackhat stuff.

 

Well, it's a balance. I don't want a bug-finder telling the world, but I don't want them leaving out the vendor so they can make more with higher-paying sources either like Vupen is doing. Paid, responsible disclosure is the best way to work in my opinion.

 

Okay... Reading some more, it looks like Vupen's clients are all governments, and almost exclusively democratic ones. So this is not entirely black and white.

Even so, this strikes me as a rather irresponsible kind of business. Even the most progressive democratic governments are not immune to greed, bigotry, and stupidity.

 

Interesting. They're certainly playing it up, I wonder what the catch is.

 

sounds like pure profiteering, they have seen an opportunity to make a fast buck and jumped on it.

 

Well... Welcome in capitalism where weakness of others is highly profitable...

 

They're modern day arms dealers. They only sell to democratic governments but they essentially create an artificial arms race because when it comes to exploits, unlike guns, if you're ever behind the other side might get all they need.

They make a lot of money this way.

The exploit sounds interesting, IE10 uses all of the latest mitigation techniques of Windows 8. The improved ASLR is much better than the Windows 7- versions and there's no more (sorta) USER_SHARED_DATA info leak or static bottom up randomizations. Just proof that attackers will always find a way through.

 

That's the kind of company that should be hacked and have their dirty little secrets dumped on the web.

 

Good that Enhanced Protected Mode (AppContainer) prevents this. (The tweet seems to specifically mention normal protected mode)