Zero-Day Exploits – Hacking Without Mercy
It allows skilled hackers to inflict serious damage to companies without leaving them any time to respond.
A hacker in his natural outfitimage source
Two kinds of hackers
In computer science, a zero-day exploit is a security vulnerability that is engaged before the weakness becomes known to the public. There are two types of specialists who research system vulnerabilities: The first type is interested in fixing the loophole – they work closely with the developers and respond to the name “ethical hackers”, “penetration testers”, “good guys”. The second type is interested in exploiting the system vulnerability; These Siths are generally referred to as “hackers”. Easily recognizable, since they always wear a black hoodie and mask while operating their computer.
Zero-day
If the hackers are able to obtain knowledge of a vulnerability first, they can construct a malware that targets it and make the code available to their community, before it is known to the software developers. The ‘vulnerability window’ refers to the time frame system developers have to patch a system after a vulnerability becomes known. In this case: zero days, hence the term.
Vulnerability timeline
Let’s have a look at the timeline of a zero-day attack.
The software developers created software, without being aware that it contains a vulnerability.
A hacker discovers the vulnerability before anyone else.
The attacker implements an exploit code to target the available vulnerability.
After the exploit is released or used against a target, the developers learn about it and start working on a patch.
Once a patch is built and released, the exploit is not called a zero-day exploit anymore.
You see, timing matters. The hackers gain advantage by obtaining information about the exploit before everyone else. When the developers find out they have to choose wisely – do they announce it to caution everyone? It could be throwing the hackers a bone. Do they keep it a secret? It could lead to a news scandal and massive PR damage.
If mom only knew what's going down in her basementimage source
Protecting your system
From a user’s perspective, zero-day attacks are difficult to prevent since they are often found in generally trusted software. Antivirus and anti-malware software cannot protect you from malware that has never been seen before. However, a proper firewall can prevent the malware from executing nasty stuff on your PC. To mitigate risk, you should stay away from buggy software and download security updates whenever possible for the apps you use.
Any computer program is likely to contain errors or weaknesses that can be exploited. Some software has notoriously bad security reputation and subject of an overwhelming number of exploits. Such systems are Microsoft Windows, Microsoft Office, Skype and other popular applications. It makes sense, right? It’s efficient to write malware systems that are used by the majority of people.
Here are some examples of recent zero-day exploits for further reading:
Adobe Flash Player Exploit
Microsoft Office Encapsulated PostScript
The case for free software
Mainstream propaganda argues that free (open-source) software is more vulnerable to exploitation because the source code is visible and accessible to anyone. The reality is quite different: Because the code is visible to anyone, it gets reviewed far more often by voluntary developers than any proprietary counterpart and a bug fix can be developed much faster. Furthermore, any technical reader can verify that there is no malicious intent hidden in the source code. Proprietary software is developed behind closed doors, without the pressure to provide any evidence of their code functionality. Far too often these companies cannot resist the temptation to build in some backdoors to spy on their users – I talk more about this here. When a hacker discovers a new vulnerability in their secretive code, we can really feel the implication of these decisions.
Oh, here is a list of 493 vulnerabilities found in Windows 10.
I rest my case.
Information sources:
Norton: Zero Day Vulnerabilities
What-Is-What: Zero Day Exploit
Zero Day Wiki
More Articles like this:
Do you want know about Google alternatives?(Read article)
Do you want to know more about free and open software? (Read article)
- Nick ( @cryptonik ) -
The hacking problem really does seem to be getting worse.I consistently hear about hacks on the news (radio while driving) and these are just the hacks that get covered by the media.
I makes sense right? As we digitalize ourselves further and develop new technologies we also increase the possible attack vector. New doors are found where there were no buildings before.
Great morning read @crytonik
cheers mate
This is great information. You presented it clearly and concisely. You can never stress the importance of being vigilant in our every day computing.
Thank you for your feedback, I appreciate it :)
Please don't show hackers with masks. People without knowing much about the subject will really think they are some kind of criminals wearing this masks. I never saw any hacker at a conference wearning one of these ;)
The statement with the free software is absolutely right. Security through obscurity had been proofen wrong in the past many times and just people without knowing anything about the security aspects will claim that it is better to have the code to hack a system. Most system hacked are reengineered, so it doesn't help you anyhow.
When looking at the recent hacks, the meltdown spectre for example, average joe linux user does already have fixed in their kernels while media still reports it. Having a non-homogenious system with a well infrastructure does help to fix issues very fast once they had been identified.
wow and just wow and this is a good post indeed about the hackers but to add more information the hackers are three types
white hackers and they are good guys
Gray hackers and they are in between then can do bad and good things is depends
Black hackers and they are bad bad guys and you may know what they can do
I guess so...
This post is sponsored by @appreciator in collaboration with #steemitbloggers. Keep up the good work
❤️
@originalworks
The @OriginalWorks bot has determined this post by @cryptonik to be original material and upvoted it!
To call @OriginalWorks, simply reply to any post with @originalworks or !originalworks in your message!
it's great shedding some light on this !
:)
I hadn't thought of that before (the open source being more secure) but it makes perfect sense. I've preferred Apache OpenOffice for years, and toyed with the idea of installing Ubuntu. Great food for thought, @cryptonik!
Don't toy with the idea dear @traciyork, go ubuntu and never look back!
My hubby has to do some hardware tinkering with my main rig in the near future, so maybe I'll take the opportunity to make a fresh start then. Thanks for the nudge. 😃
That's the spirit! :)
Wow great article about zeeo day exploitation. I wonder of theres a statostic comparing open source and proprietary software vulnerabilities. Comparing which is more secure.
Thanks, I got a statistic right here for you: You will find x100 more bugs and exploit on any Windows system in comparison to a Linux system.
Linux code gets cross reviewed all the time (larger dev base) and less users (smaller target base). That simple.