When Security Exploits Have Exploits
from the piling-on dept
We’ve talked in the past about how security software sometimes needs security software itself — but what about security exploits? A popular scam these days among some script kiddies is to lock up important data on someone’s computer unless they pay an extortion fee to release the data. Of course, it should come as no surprise that these exploits have exploits of their own… as one security firm discovered this week, releasing the universal password that will unlock your data should you happen to get caught by one of these scams. Apparently, all you need to know is: mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw. Of course, it’s not surprising to find out the a script kiddie scam has exploits, but it does suggest a different kind of race for some security companies. Instead of just focusing on patches, look for ways to break the scam software itself.