id just sent me a link to Dark Reading talking about the controversial prospect of selling exploit code for cash. It has been something I’ve talked about in the past, and actually I was alerted to it by OptikLenz as well. The website is called Zero Day Initiative (it has been live for about a year now). The black market is buying “weaponized” exploits that require little to no skill for up to 2-5 times the highest asking prices of these websites.
Call me crazy, but this is a huge marketplace now. Considering that phishing is a billion-dollar industry, who cares if they have to spend $50k for a remote Windows exploit to help them host phishing sites? Or $10k for a new spamming technique? It’s a small price to pay when the ultimate gain could be tremendous for the assailant.
And do you think 3Com or TippingPoint are doing this for the good of humanity? No, they are reselling it via their contracts with their customers to make more money off of the exploit code. The economics of hacking are beginning to move into the free market economy and away from the socialist free-for-all of the last decade.