{"id":23244,"date":"2017-03-12T18:16:36","date_gmt":"2017-03-12T23:16:36","guid":{"rendered":"http:\/\/olduvai.ca\/?p=23244"},"modified":"2017-09-30T13:09:23","modified_gmt":"2017-09-30T18:09:23","slug":"malware-attacks-used-by-the-us-government-retain-potency-for-many-years-new-evidence-indicates","status":"publish","type":"post","link":"https:\/\/olduvai.ca\/?p=23244","title":{"rendered":"Malware Attacks Used By the US Government Retain Potency For Many Years, New Evidence Indicates"},"content":{"rendered":"<div class=\"Post-header\" data-reactid=\".ti.1.0.0\">\n<div class=\"Post-header-grid\" data-reactid=\".ti.1.0.0.2\">\n<div class=\"Post-header-row\" data-reactid=\".ti.1.0.0.2.0\">\n<div class=\"Post-header-block\" data-reactid=\".ti.1.0.0.2.0.1\">\n<div data-reactid=\".ti.1.0.0.2.0.1.0\">\n<div class=\"Post-title-block\" data-reactid=\".ti.1.0.0.2.0.1.0.1\">\n<h3 class=\"Post-title\" data-reactid=\".ti.1.0.0.2.0.1.0.1.0\"><a class=\"Post-title-link\" href=\"https:\/\/theintercept.com\/2017\/03\/10\/government-zero-days-7-years\/\" data-reactid=\".ti.1.0.0.2.0.1.0.1.0.0\">MALWARE ATTACKS USED BY THE U.S. GOVERNMENT RETAIN POTENCY FOR MANY YEARS, NEW EVIDENCE INDICATES<\/a><\/h3>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"Post-body\" data-reactid=\".ti.1.0.1\">\n<div class=\"Post-content-block-outer\" data-reactid=\".ti.1.0.1.2\">\n<div class=\"GridContainer Post-scroll-container\" data-reactid=\".ti.1.0.1.2.0\">\n<div class=\"GridRow\" data-reactid=\".ti.1.0.1.2.0.0\">\n<div class=\"Post-content-block\" data-reactid=\".ti.1.0.1.2.0.0.1\">\n<div class=\"Post-content-block-inner\" data-reactid=\".ti.1.0.1.2.0.0.1.0\">\n<div class=\"PostContent\" data-reactid=\".ti.1.0.1.2.0.0.1.0.4\">\n<div data-reactid=\".ti.1.0.1.2.0.0.1.0.4.1:$p-0\">\n<p>A NEW REPORT\u00a0from Rand Corp. may help shed light on the government\u2019s arsenal of malicious software, including the size of its stockpile of so-called \u201czero days\u201d \u2014 hacks that hit undisclosed vulnerabilities in computers, smartphones, and other digital devices.<\/p>\n<p>The\u00a0<a href=\"http:\/\/www.rand.org\/pubs\/research_reports\/RR1751.html\">report<\/a>\u00a0also provides evidence that such vulnerabilities are long lasting. The findings are of particular interest because not much is known about the U.S. government\u2019s controversial use of zero days. Officials have long refused to say how many such attacks are in the government\u2019s arsenal or how long it uses them before disclosing information about the vulnerabilities they exploit so software vendors can patch the holes.<\/p>\n<p>Rand\u2019s report is based on unprecedented access to a database of\u00a0zero days from a company that sells them to governments and other customers on the \u201cgray market.\u201d The collection contains about 200 entries \u2014 about the same number of zero days some experts believe the government to have. Rand found that the exploits had an average lifespan of 6.9 years before the vulnerability each targeted was disclosed to the software maker to be fixed, or before the vendor made upgrades to the code that unwittingly eliminated the security hole.<\/p>\n<p>Some of the exploits survived even longer than this. About 25 percent had a lifespan of a decade or longer. But another 25 percent survived less than 18 months before they were patched or rendered obsolete through software upgrades.<\/p>\n<div class=\"img-wrap align-center width-fixed\">\n<p><a href=\"https:\/\/prod01-cdn07.cdn.firstlook.org\/wp-uploads\/sites\/1\/2017\/03\/zero-days-vulnerabilities-1489094297.png\"><img decoding=\"async\" class=\"aligncenter size-article-large wp-image-116619\" src=\"https:\/\/prod01-cdn07.cdn.firstlook.org\/wp-uploads\/sites\/1\/2017\/03\/zero-days-vulnerabilities-1489094297-1000x605.png\" alt=\"zero-days-vulnerabilities-1489094297\" \/><\/a><\/p>\n<p class=\"caption source pullright\">Chart: RAND<\/p>\n<\/div>\n<p>Rand\u2019s researchers found that there was no pattern around which exploits lived a long or short life \u2014 severe vulnerabilities were not more likely to be fixed quickly than minor ones, nor were vulnerabilities in programs that were more widely available.<\/p>\n<p>&nbsp;<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p>&#8230;click on the above link to read the rest of the article&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>MALWARE ATTACKS USED BY THE U.S. GOVERNMENT RETAIN POTENCY FOR MANY YEARS, NEW EVIDENCE INDICATES A NEW REPORT\u00a0from Rand Corp. may help shed light on the government\u2019s arsenal of malicious software, including the size of its stockpile of so-called \u201czero days\u201d \u2014 hacks that hit undisclosed vulnerabilities in computers, smartphones, and other digital devices. The\u00a0report\u00a0also [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[6],"tags":[15007,1401,15008,5567,843],"class_list":["post-23244","post","type-post","status-publish","format-standard","hentry","category-liberty","tag-kim-zetter","tag-malware","tag-rand-corporation","tag-the-intercept","tag-us-government"],"_links":{"self":[{"href":"https:\/\/olduvai.ca\/index.php?rest_route=\/wp\/v2\/posts\/23244","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/olduvai.ca\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/olduvai.ca\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/olduvai.ca\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/olduvai.ca\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=23244"}],"version-history":[{"count":2,"href":"https:\/\/olduvai.ca\/index.php?rest_route=\/wp\/v2\/posts\/23244\/revisions"}],"predecessor-version":[{"id":23246,"href":"https:\/\/olduvai.ca\/index.php?rest_route=\/wp\/v2\/posts\/23244\/revisions\/23246"}],"wp:attachment":[{"href":"https:\/\/olduvai.ca\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=23244"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/olduvai.ca\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=23244"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/olduvai.ca\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=23244"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}