Hi, this is Wayne again with a topic “You’ll Never See This Coming… (Zero-Day Attacks)”.
Zero day attack, it kind of sounds like the title of the next hit action movie, but it’s actually a special kind of software weakness that can end up causing big problems and we’d like to thank our friends at bitdefender for sponsoring today’s episode. So we could tell you all about them. You see it’s called a zero day attack because it stems from a vulnerability. No one knew about until it was actually exploited kind of like the thermal exhaust port on the death star except jyn erso, and her dad knew about that one. Many times.
Other types of software bugs are detected by the publisher before they get exploited, giving developers time to come up with a patch, but a zero day attack is called that because the publisher knew about it for zero days. It’S like fortifying the crap out of the front of your house during the purge and not realizing, there’s a basement window that you never used. Oh no, so it’s not surprising that zero day attacks tend to be devastating and high impact. In fact, the famous stuxnet worm that crippled iran’s nuclear weapons program back in 2010 was a zero-day attack.
But how exactly do you defend against a security flaw that you don’t even know is there? One strategy developers like to use is finding any potential holes that could open up the possibility of a buffer, overflow and patching them. A buffer overflow is simply a vulnerability that would allow one program to write data to another program’s memory – space – something that’s typically not allowed by modern operating systems in order to keep a badly intentioned or misbehaving program from crashing other parts of the computer. It’S only allowed to crash specific parts, because bad actors often use buffer overflows to inject malicious code into a machine. Preventing them is an important way to stop zero-day attacks, and this is often accomplished through heuristic analysis found in anti-malware products. This basically means anti-malware will look for suspicious code patterns that might exploit attack vectors. Other zero-day hacks have used, so new viruses or vulnerabilities can be dealt with before human developers find out about them and crush them. But obviously these solutions aren’t perfect, so software companies often hire penetration, testers and other so-called white hats to find bugs in their own programs and report findings before the bad guys discover them, but there’s also quite an active marketplace for zero day attacks.
You see, you don’t need to be directly employed by a software developer to go find zero day bugs some companies run bug bounties in which you can get paid directly by big name tech firms for finding holes in their products and telling their engineers about it. Rather than you know, using those vulnerabilities yourself for cd purposes, don’t do that. However, there are also other companies that basically serve as marketplaces or brokers for zero day exploits. These can end up paying quite a lot we’re talking, thousands or even millions of dollars. If you find an exploit valuable enough, but it may not always be clear who will be getting their hands on your findings? It does appear, though, that buyers often end up being government organizations which i suppose, in this day and age, should surprise.
No one and of course there does exist a true black market for these exploits on the dark web, where they’re simply sold to anyone with enough crypto sounds like something out of blade, runner or something in fact, part of the reason bounties from larger companies or brokers. Can be so high is to encourage folks who uncover weaknesses to just report them please, instead of selling them to an actual cyber criminal for a smaller payout. So it does end up being possible to both do some good and earn a heap of cash. If you know what you’re doing someone needs to tell the same thing to my isp, i know so funny right speaking of doing good, you would do well to check out our sponsor bitdefender total security 2020.. It was awarded product of the year by av. Comparatives. Bitdefender has scored high in independent tests and protects over 500 million systems worldwide. Today, we’re featuring total security, 2020 for windows, mac os, android and ios.
You get a vpn multi-layer, ransomware protection, great speed performance across all platforms, unbeatable protection against malware. It’S a no-brainer. You can even run total security 2020 from your mobile device and it’s all backed up by bitdefender’s comprehensive 24 7 support, so click the link in the video description for more information and a special giveaway. Alright, that’s it for this tech quickie thanks for watching guys like dislike, live your life, but what you should definitely do is check out our other videos comment below with video suggestions and don’t forget to subscribe and follow. I think you forgot to do that. Next.
Last time don’t forget this time. .