Vupen brags about Windows 8 hack

Discussion in 'other security issues & news' started by tgell, Nov 8, 2012.

Thread Status:
Not open for further replies.
  1. tgell

    tgell Registered Member

    Joined:
    Nov 12, 2004
    Posts:
    1,076
    Not sure if this has been posted yet. Sorry if it has.

    Article
     
  2. Wow. That is disgusting.
     
  3. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    And the cycle starts anew. On the subject of Vupen, I just can't get behind non-disclosure for profit.
     
  4. Well, full disclosure doesn't strike me as so good either. But this is ridiculous - it's basically blackhat stuff.
     
  5. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Well, it's a balance. I don't want a bug-finder telling the world, but I don't want them leaving out the vendor so they can make more with higher-paying sources either like Vupen is doing. Paid, responsible disclosure is the best way to work in my opinion.
     
  6. Okay... Reading some more, it looks like Vupen's clients are all governments, and almost exclusively democratic ones. So this is not entirely black and white.

    Even so, this strikes me as a rather irresponsible kind of business. Even the most progressive democratic governments are not immune to greed, bigotry, and stupidity.
     
  7. Fox Mulder

    Fox Mulder Registered Member

    Joined:
    Jun 2, 2011
    Posts:
    203
    Interesting. They're certainly playing it up, I wonder what the catch is.
     
  8. garry35

    garry35 Registered Member

    Joined:
    Jan 20, 2009
    Posts:
    330
    sounds like pure profiteering, they have seen an opportunity to make a fast buck and jumped on it.
     
  9. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montr?al, Canada
    Well... Welcome in capitalism where weakness of others is highly profitable...
     
    Last edited: Nov 8, 2012
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    They're modern day arms dealers. They only sell to democratic governments but they essentially create an artificial arms race because when it comes to exploits, unlike guns, if you're ever behind the other side might get all they need.

    They make a lot of money this way.

    The exploit sounds interesting, IE10 uses all of the latest mitigation techniques of Windows 8. The improved ASLR is much better than the Windows 7- versions and there's no more (sorta) USER_SHARED_DATA info leak or static bottom up randomizations. Just proof that attackers will always find a way through.
     
    Last edited: Nov 8, 2012
  11. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    That's the kind of company that should be hacked and have their dirty little secrets dumped on the web.
     
  12. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Good that Enhanced Protected Mode (AppContainer) prevents this. (The tweet seems to specifically mention normal protected mode)
     
Loading...
Thread Status:
Not open for further replies.