
Vulnerability acquisition company Zerodium says it is offering a USD 1 million reward for the Tor Browser project

2017-09-15


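It seems that exploits for the Tor Browser are in high demand, so much so that someone has put up USD 1 million for them. Zerodium, a company that specialises in acquiring vulnerabilities, recently announced that it will pay a USD 1 million vulnerability bounty for the popular Tor Browser on Linux and Windows operating systems.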

Original title:

Zerodium Offers $1 Million for Tor Browser 0-Days That It will Resell to Governments

 

It seems like Tor Browser zero-day exploits are in high demand right now, so much so that someone is ready to pay ONE MILLION dollars.


Zerodium, a company that specialises in acquiring and reselling zero-day exploits, just announced that it will pay up to USD 1,000,000 for working zero-day exploits for the popular Tor Browser on Tails Linux and Windows operating system.


Tor Browser users should take this news as an early warning, especially those who use Tails OS to protect their privacy.


The zero-day exploit acquisition platform has also published some rules and payout details on its website, announcing that the payout for Tor exploits with no JavaScript has been set at double that for exploits with JavaScript enabled.


The company has also clearly stated that the exploit must leverage a remote code execution vulnerability, the initial attack vector should be a web page, and it should work against the latest version of Tor Browser.


Moreover, the zero-day Tor exploit must work without requiring any user interaction, except for victims to visit a web page.


Other attack vectors such as delivery via malicious document are not eligible for this bounty, but ZERODIUM may, at its sole discretion, make a distinct offer to acquire such exploits.

 

Zerodium to Sell Tor Browser 0-Days to Law Enforcement Agencies

 

Although the zero-day market has long been a lucrative business for private firms that regularly offer higher payouts for undisclosed vulnerabilities than big technology companies, Zerodium says that it wants to resell the Tor Browser exploits to law enforcement agencies to fight crime.


In a FAQ, the company has admitted that it will sell the acquired Tor zero-days to law enforcement agencies, and possibly to the commercial malware development companies that sell spyware to governments.

 

"In many cases, [Tor] used by ugly people to conduct activities such as drug trafficking or child abuse. We have launched this special bounty for Tor Browser zero-days to help our government customers fight crime and make the world a better and safer place for all," Zerodium said.

 

In response to the Zerodium bounty program, the Tor Project says that breaching the security of its anonymity software may risk the lives of many users, including human rights defenders, activists, lawyers, and researchers, who rely on it.

 


The non-profit foundation also urges researchers and hackers to responsibly disclose vulnerabilities in Tor via its recently-launched bug bounty program.

 

"We think the amount of the bounty is a testament to the security we provide. We think it's in the best interest of all Tor users, including government agencies, for any vulnerabilities to be disclosed to us through our own bug bounty," a Tor Project spokesperson told The Hacker News.

 

"Over 1.5 million people rely on Tor every day to protect their privacy online, and for some it's life or death. Participating in Zerodium's program would put our most at-risk users' lives at stake."

 

Payouts for Tor Browser 0-Day RCE Exploits

 

Here is the list of Zerodium's payouts for Tor Browser Exploits:


RCE and LPE to Root/SYSTEM for Tor Browser on Tails 3.x (64bit) and on Windows 10 RS3/RS2 (64bit) without JavaScript: $250,000
Only RCE (No LPE) for Tor Browser on Tails 3.x (64bit) and on Windows 10 RS3/RS2 (64bit) without JavaScript: $185,000


RCE and LPE to Root/SYSTEM for Tor Browser on Tails 3.x (64bit) and on Windows 10 RS3/RS2 (64bit) with JavaScript: $125,000
Only RCE (No LPE) for Tor Browser on Tails 3.x (64bit) and on Windows 10 RS3/RS2 (64bit) with JavaScript: $85,000


RCE and LPE to Root/SYSTEM for Tor Browser on Tails 3.x (64bit) OR on Windows 10 RS3/RS2 (64bit) without JavaScript: $200,000
Only RCE (No LPE) for Tor Browser on Tails 3.x (64bit) OR on Windows 10 RS3/RS2 (64bit) without JavaScript: $175,000


RCE and LPE to Root/SYSTEM for Tor Browser on Tails 3.x (64bit) OR on Windows 10 RS3/RS2 (64bit) with JavaScript: $100,000
Only RCE (No LPE) for Tor Browser on Tails 3.x (64bit) OR on Windows 10 RS3/RS2 (64bit) with JavaScript: $75,000


Those interested can submit their exploit until November 30th, 2017 at 6:00 pm EDT. The company also notes that the bounty may be terminated before its expiration if the total payout to researchers reaches one million U.S. dollars ($1,000,000).

 
