Krebsonsecurity, that type of vulnerability would also qualify for a big reward from Microsoft’s own bounty program. Last summer, Microsoft raised its reward from $50,000 to $100,000 for information about vulnerabilities that can bypass their Enhanced Mitigation Experience Toolkit.
But somehow, the call of the dark side was stronger. While there is a debate over the actual value of this specific zero-day vulnerability, there is no dispute that a thriving market for software vulnerabilities exists. The market encompasses cybercrime forums, exploit brokers, developers, and yes hackers.
Yes, the force is with them – and some substantial financial rewards.
Since cybercrime forums and bounty programs such as Bugcrowd used by Avira check the individual hacker’s past work and reputation, switching sides can be difficult. But as Kevin Mitnick has shown, it can be done. And to make sure that your computer is protected against those who have fallen to the dark side, keep your software updated with Avira.