Security Agencies and Governments Plot to Keep Software Vulnerabilities Secret
Marcia Hoffman, a specialist at the EFF (Electronic Frontier Foundation), has observed that security research agencies that unearth 0-day security flaws in operating systems or other software sell them to corporations and governments, which in turn use them as an avenue to install spyware, boingboing.net published on March 30, 2012.
The EFF found that the agency most active in this research and trade was a French firm named VUPEN, which argues that it does not want the software flaws exposed or patched, since its aim is to trade them with different governments that in turn use them to plant spyware on the public's PCs.
But, according to Hoffman, the governments may not do only what has been said, for several of them, VUPEN found, sold the acquired exploits to other nation states that evidently have even poorer standards of human rights.
And according to VUPEN's founder, Chaouki Bekrar, his organization does not want knowledge of the spyware exploits to spread, which could help in finding fixes for them; rather, it wishes to keep them to sell to its clients. VUPEN, which also "pwned" Microsoft's Internet Explorer browser, boasts that it knows of vulnerabilities in all prominent Web browsers, as well as some in Adobe Reader or Microsoft Word. Boingboing.com published this.
Meanwhile, researchers have observed that although VUPEN is the most vocal about its business, it is certainly not alone in trading sophisticated weaponry in the underground economy of 0-day exploits. Established American agencies such as Endgame, Netragard, Raytheon, and Northrop Grumman are in this kind of business too. The researchers also detailed the pricing of different 0-day exploits: vulnerabilities in well-known browsers fetched considerably more than $100,000 each, while an Apple iOS flaw fetched a quarter of a million.
Incidentally, clients of VUPEN include only governments of NATO or its alliances, such as Azerbaijan, Belarus, Russia, and Ukraine, all nations supporting Internet freedom.
In conclusion, the EFF calls on governments to first stop exploit trafficking, rather than pressing for disclosure or patching of the flaws, so that no vulnerability remains undocumented and patches follow automatically.
» SPAMfighter News - 09-04-2012