
Java Zero-Day Vulnerability Rolled Into Exploit Packs

tsu doh nimh writes "The miscreants who maintain Blackhole and Nuclear Pack — competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they've added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java. The curator of Blackhole, a miscreant who uses the nickname 'Paunch,' announced yesterday on several Underweb forums that the Java zero-day was a 'New Year's Gift,' to customers who use his exploit kit. The exploit has since been verified to work on all Java 7 versions by AlienVault Labs. The news comes days after it was revealed that Paunch was reserving his best exploits for a more closely-held exploit pack called Cool Exploit Kit, a license for which costs $10,000 per month."
  • by durrr ( 1316311 ) on Thursday January 10, 2013 @12:55PM (#42547347)

    Follow the money and you probably find that various three letter agencies are his main customers.

  • by Nerdfest ( 867930 ) on Thursday January 10, 2013 @01:00PM (#42547407)

    There's a person finding exploits for $10,000 per month and Oracle, Microsoft and Adobe don't subscribe to it? That's just silly.

  • by girlintraining ( 1395911 ) on Thursday January 10, 2013 @02:48PM (#42548901)

    I suppose because on some level, we identify with the hacker. Our way of life is under constant assault by well-financed interests. The collective geek culture rejects the notion that ideas can be owned. Knowledge is power, and because of that, it should be shared freely and widely. Our culture rejects the limitations of online freedom that everyone wants -- whether it's bloggers in Iran being disappeared for providing updates on what their government is up to, to China's appetite for suppressing western influences, to our own government's desire for internet kill switches and pervasive monitoring. All of this gets in the way of free and unfettered access to information, something geeks believe is a cultural heritage and the right to access granted to all human beings. Geeks... are idealists and creatives.

    And when we see our creations turned against us, used to corrupt the ideals that gave birth to them, there is a certain artistic desire to destroy it because its beauty has been tarnished. It's something that you can find historical and literary examples of dating back to pre-Greek times. So on some level, we identify with the so-called "bad guys", because they're hurting the people who are hurting us.

    Sure, morally, ethically, we can recognize that it's wrong and destructive. We know that it only emboldens the destroyers and usurpers of our lifestyle to pass even more restrictive edicts and arrest more people, but psychologically it doesn't matter. We ourselves are powerless so when we see others in the same boat doing powerful things against powerful people, it's very enticing to support them no matter their motivations.

  • by mcgrew ( 92797 ) * on Thursday January 10, 2013 @03:13PM (#42549297) Homepage Journal

    Here in Norway we are required to have it to do online banking :(

    I refuse to bank online, and I would ESPECIALLY refuse to bank online if the bank demanded Java. If I want to check my balance I'll call them; I never heard of anyone getting rooted over a voice-only phone call.

    In fact, I use my credit card as little as possible online. Yes, I'm paranoid... but my computers haven't been infected with anything since my daughter installed the XCP trojan Sony provided on a CD she bought at the store she worked at.

    If I do get rooted, there's no sensitive information whatever on my PCs or phone.

  • Re:Oh Java... (Score:4, Interesting)

    by sourcerror ( 1718066 ) on Thursday January 10, 2013 @05:41PM (#42551369)

    All the Java problems were with applets. Considering how many security problems were with Flash too, maybe the problem is with the browser APIs.
