1
00:00:00,400 --> 00:00:07,040
zero-day attack it kind of sounds like the title of the

2
00:00:04,640 --> 00:00:12,000
next hit action movie but it's actually a special kind of software weakness that

3
00:00:09,040 --> 00:00:15,360
can end up causing big problems and we'd like to thank our friends at Bitdefender

4
00:00:13,519 --> 00:00:19,680
for sponsoring today's episode so we could tell you all about them you see

5
00:00:17,520 --> 00:00:24,240
it's called a zero-day attack because it stems from a vulnerability no one knew

6
00:00:21,920 --> 00:00:28,480
about until it was actually exploited kind of like the thermal exhaust port on

7
00:00:26,080 --> 00:00:33,040
the Death Star except Jyn Erso and her dad knew about that one many times other

8
00:00:31,039 --> 00:00:37,360
types of software bugs are detected by the publisher before they get exploited

9
00:00:35,600 --> 00:00:42,160
giving developers time to come up with a patch but a zero-day attack is called

10
00:00:39,920 --> 00:00:45,920
that because the publisher knew about it for

11
00:00:43,280 --> 00:00:49,039
zero days it's like fortifying the crap out of the front of your house during

12
00:00:47,200 --> 00:00:54,000
The Purge and not realizing there's a basement window that you never used oh

13
00:00:51,600 --> 00:00:59,520
no so it's not surprising that zero-day attacks tend to be devastating and high

14
00:00:56,879 --> 00:01:03,600
impact in fact the famous Stuxnet worm that crippled Iran's nuclear weapons

15
00:01:01,440 --> 00:01:08,479
program back in 2010 was a zero-day attack but how exactly do you defend

16
00:01:06,479 --> 00:01:12,720
against a security flaw that you don't even know is there one strategy

17
00:01:10,720 --> 00:01:16,960
developers like to use is finding any potential holes that could open up the

18
00:01:14,400 --> 00:01:20,640
possibility of a buffer overflow and patching them a buffer overflow is

19
00:01:18,960 --> 00:01:25,200
simply a vulnerability that would allow one program to write data to another

20
00:01:22,960 --> 00:01:28,560
program's memory space something that's typically not allowed by modern

21
00:01:26,880 --> 00:01:32,280
operating systems in order to keep a badly intentioned or misbehaving program

22
00:01:31,360 --> 00:01:36,479
from crashing other parts of the computer

23
00:01:34,799 --> 00:01:41,200
it's only allowed to crash specific parts because bad actors often use

24
00:01:39,040 --> 00:01:45,280
buffer overflows to inject malicious code into a machine preventing them is

25
00:01:43,439 --> 00:01:50,000
an important way to stop zero-day attacks and this is often accomplished

26
00:01:47,600 --> 00:01:53,920
through heuristic analysis found in anti-malware products this basically

27
00:01:52,240 --> 00:01:58,240
means anti-malware will look for suspicious code patterns that might

28
00:01:55,920 --> 00:02:03,119
exploit attack vectors other zero-day hacks have used so new viruses or

29
00:02:00,719 --> 00:02:07,439
vulnerabilities can be dealt with before human developers find out about them

30
00:02:05,520 --> 00:02:11,840
and crush them but obviously these solutions aren't

31
00:02:09,200 --> 00:02:17,920
perfect so software companies often hire penetration testers and other so-called

32
00:02:15,040 --> 00:02:22,160
white hats to find bugs in their own programs and report findings before the

33
00:02:20,160 --> 00:02:26,000
bad guys discover them but there's also quite an active marketplace for zero-day

34
00:02:24,400 --> 00:02:30,080
attacks you see you don't need to be directly employed by a software

35
00:02:27,680 --> 00:02:34,560
developer to go find zero-day bugs some companies run bug bounties in which you

36
00:02:32,319 --> 00:02:37,920
can get paid directly by big name tech firms for finding holes in their

37
00:02:36,480 --> 00:02:42,239
products and telling their engineers about it rather than you know

38
00:02:39,920 --> 00:02:47,040
using those vulnerabilities yourself for seedy purposes don't do that however there

39
00:02:45,200 --> 00:02:51,840
are also other companies that basically serve as marketplaces or brokers for

40
00:02:49,440 --> 00:02:56,080
zero-day exploits these can end up paying quite a lot we're talking

41
00:02:53,920 --> 00:03:00,560
thousands or even millions of dollars if you find an exploit valuable enough but

42
00:02:58,319 --> 00:03:04,560
it may not always be clear who will be getting their hands on your findings it

43
00:03:02,560 --> 00:03:09,280
does appear though that buyers often end up being government organizations which

44
00:03:06,800 --> 00:03:13,920
I suppose in this day and age should surprise no one and of course

45
00:03:11,360 --> 00:03:17,599
there does exist a true black market for these exploits on the dark web where

46
00:03:16,000 --> 00:03:20,560
they're simply sold to anyone with enough crypto

47
00:03:21,120 --> 00:03:26,159
sounds like something out of Blade Runner or something in fact part of the

48
00:03:24,159 --> 00:03:30,560
reason bounties from larger companies or brokers can be so high is to encourage

49
00:03:28,480 --> 00:03:35,120
folks who uncover weaknesses to just report them please instead of selling

50
00:03:33,040 --> 00:03:40,239
them to an actual cyber criminal for a smaller payout so it does end up being

51
00:03:37,840 --> 00:03:44,239
possible to both do some good and earn a heap of cash if you know what you're

52
00:03:42,159 --> 00:03:49,760
doing someone needs to tell the same thing to my ISP

53
00:03:47,040 --> 00:03:55,519
I know so funny right speaking of doing good you would do well to check out our

54
00:03:52,560 --> 00:03:59,920
sponsor Bitdefender Total Security 2020 it was awarded product of the year by AV

55
00:03:57,519 --> 00:04:04,879
Comparatives Bitdefender has scored high in independent tests and protects over

56
00:04:02,080 --> 00:04:10,159
500 million systems worldwide today we're featuring Total Security 2020 for

57
00:04:06,879 --> 00:04:12,879
Windows macOS Android and iOS you get a

58
00:04:10,159 --> 00:04:17,759
VPN multi-layer ransomware protection great speed performance across all

59
00:04:15,280 --> 00:04:20,239
platforms unbeatable protection against malware

60
00:04:20,320 --> 00:04:26,560
it's a no-brainer you can even run Total Security 2020 from your mobile device

61
00:04:24,720 --> 00:04:30,800
and it's all backed up by Bitdefender's comprehensive 24/7 support so click the

62
00:04:29,120 --> 00:04:36,479
link in the video description for more information and a special giveaway

63
00:04:34,560 --> 00:04:39,919
all right that's it for this Techquickie thanks for watching guys like

64
00:04:38,639 --> 00:04:44,639
dislike live your life but what you should definitely do is check out our other

65
00:04:43,120 --> 00:04:48,320
videos comment below with video suggestions and don't forget to

66
00:04:46,479 --> 00:04:53,720
subscribe and follow I think you forgot to do that next last time don't forget

67
00:04:50,479 --> 00:04:53,720
this time
