
Hacking Team Zero-Day Shows Wide-Spread Dangers Of All Offense, No Defense

  • July 9, 2015

Jasper_The_Rasper
Moderator
July 8, 2015  By Sara Peters
 
While the Italian surveillance company sells government agencies high-end zero-day proof-of-concept exploits, it secures root systems with the password 'P4ssword.' What's vulnerability commoditization got to do with it?
 A critical zero-day vulnerability can fetch a high price on the black market. Or, everyone can have it for free, and criminals can pack it into a variety of exploit kits and roll it into the wild. Super-sophisticated spyware may require great skill to develop or lots of cash to buy in the criminal underground. Or, the source code could just show up on BitTorrent, and be good to go with a little customization.
 
This week's doxing attack and breach of Italian surveillance software company Hacking Team shows just how such things can happen -- a combination of great offense and terrible defense.
 
The attacker who has now taken responsibility for the Hacking Team breach hasn't revealed his methods yet, but based upon what we now know about the company's internal security, bad password practices -- not just by regular users, but by security staff -- likely have something to do with it.
 