WEBVTT

00:00:00.000 --> 00:00:03.000
Zero Day Attack!

00:00:03.000 --> 00:00:06.000
It kind of sounds like the title of the next hit action movie,

00:00:06.000 --> 00:00:11.500
but it's actually a special kind of software weakness that can end up causing big problems.

00:00:11.500 --> 00:00:15.000
And we'd like to thank our friends at Bitdefender for sponsoring today's episode,

00:00:15.000 --> 00:00:22.000
so we could tell you all about them. You see, it's called a zero day attack because it stems from a vulnerability no one knew about

00:00:22.000 --> 00:00:27.000
until it was actually exploited. Kind of like the thermal exhaust port on the Death Star.

00:00:27.000 --> 00:00:30.000
Except Jyn Erso and her dad knew about that one.

00:00:30.000 --> 00:00:35.500
Many times other types of software bugs are detected by the publisher before they get exploited,

00:00:35.500 --> 00:00:44.500
giving developers time to come up with a patch. But a zero day attack is called that because the publisher knew about it for zero days.

00:00:44.500 --> 00:00:48.000
It's like fortifying the crap out of the front of your house during the purge

00:00:48.000 --> 00:00:51.000
and not realizing there's a basement window that you never used.

00:00:51.000 --> 00:00:57.500
Oh no. So it's not surprising that zero day attacks tend to be devastating and high impact.

00:00:57.500 --> 00:01:04.000
In fact, the famous Stuxnet worm that crippled Iran's nuclear weapons program back in 2010 was a zero day attack.

00:01:04.000 --> 00:01:09.500
But how exactly do you defend against a security flaw that you don't even know is there?

00:01:09.500 --> 00:01:13.500
One strategy developers like to use is finding any potential holes

00:01:13.500 --> 00:01:17.500
that could open up the possibility of a buffer overflow and patching them.

00:01:17.500 --> 00:01:24.000
A buffer overflow is simply a vulnerability that would allow one program to write data to another program's memory space.

00:01:24.000 --> 00:01:31.000
Something that's typically not allowed by modern operating systems in order to keep a badly intentioned or misbehaving program

00:01:31.000 --> 00:01:35.000
from crashing other parts of the computer.

00:01:35.000 --> 00:01:42.000
It's only allowed to crash specific parts. Because bad actors often use buffer overflows to inject malicious code into a machine,

00:01:42.000 --> 00:01:46.000
preventing them is an important way to stop zero day attacks.

00:01:46.000 --> 00:01:51.500
And this is often accomplished through heuristic analysis found in anti-malware products.

00:01:51.500 --> 00:01:55.500
This basically means anti-malware will look for suspicious code patterns

00:01:55.500 --> 00:01:59.500
that might exploit attack vectors other zero day hacks have used.

00:01:59.500 --> 00:02:05.500
So new viruses or vulnerabilities can be dealt with before human developers find out about them.

00:02:05.500 --> 00:02:10.000
And crush them. But obviously these solutions aren't perfect.

00:02:10.000 --> 00:02:16.000
So software companies often hire penetration testers and other so-called white hats

00:02:16.000 --> 00:02:21.500
to find bugs in their own programs and report findings before the bad guys discover them.

00:02:21.500 --> 00:02:25.000
But there's also quite an active marketplace for zero day attacks.

00:02:25.000 --> 00:02:30.000
You see, you don't need to be directly employed by a software developer to go find zero day bugs.

00:02:30.000 --> 00:02:35.000
Some companies run bug bounties in which you can get paid directly by big name tech firms

00:02:35.000 --> 00:02:38.500
for finding holes in their products and telling their engineers about it.

00:02:38.500 --> 00:02:43.500
Rather than, you know, using those vulnerabilities yourself for seedy purposes.

00:02:43.500 --> 00:02:50.500
Don't do that. However, there are also other companies that basically serve as marketplaces or brokers for zero day exploits.

00:02:50.500 --> 00:02:53.500
These can end up paying quite a lot.

00:02:53.500 --> 00:02:58.000
We're talking thousands or even millions of dollars if you find an exploit valuable enough.

00:02:58.000 --> 00:03:02.500
But it may not always be clear who will be getting their hands on your findings.

00:03:02.500 --> 00:03:06.500
It does appear though that buyers often end up being government organizations,

00:03:06.500 --> 00:03:10.500
which I suppose in this day and age should surprise no one.

00:03:10.500 --> 00:03:15.500
And of course there does exist a true black market for these exploits on the dark web

00:03:15.500 --> 00:03:18.500
where they're simply sold to anyone with enough crypto.

00:03:20.500 --> 00:03:23.500
Sounds like something out of Blade Runner or something.

00:03:23.500 --> 00:03:27.500
In fact, part of the reason bounties from larger companies or brokers can be so high

00:03:27.500 --> 00:03:31.500
is to encourage folks who uncover weaknesses to just report them.

00:03:31.500 --> 00:03:36.500
Please, instead of selling them to an actual cyber criminal for a smaller payout.

00:03:36.500 --> 00:03:42.500
So it does end up being possible to both do some good and earn a heap of cash if you know what you're doing.

00:03:42.500 --> 00:03:46.500
Someone needs to tell the same thing to my ISP.

00:03:46.500 --> 00:03:52.500
I know, so funny, right? Alright, that's it for this tech wiki. Thanks for watching guys.

00:03:52.500 --> 00:03:57.500
Like, dislike, live your life. But what you should definitely do is check out our other videos.

00:03:57.500 --> 00:04:01.500
Comment below with video suggestions and don't forget to subscribe and follow.

00:04:01.500 --> 00:04:05.500
I think you forgot to do that last time. Don't forget this time!
