Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Submission + - Exploit Broker Zerodium Offers $1 Million for Tor Browser Zero-Days (bleepingcomputer.com)

An anonymous reader writes: Zerodium, a company that buys exploits to sell to government agencies, is offering up to $1 million for zero-days affecting the Tor Browser. In a bug acquisition program launched today, the company says it's interested in Tor Browser exploits that "[lead] to remote code execution on the targeted OS either with privileges of the current user or with unrestricted root/SYSTEM privileges." The company said it's searching for exploits that work on Tails — a privacy-hardened version of Linux — and Windows.

The exploit broker is interested in high-complexity exploits that do not require user interaction or show any errors or popups. Zerodium said it's looking for zero-days that require users only to visit a web page. The company is not picky, accepting zero-days that work against Tor Browser instances running with security settings set to "high" (JavaScript disabled) or security settings set to "low" (default Tor Browser configuration). The company is willing to pay up to $250,000 per exploit in a budget of $1 million. Zerodium says high government demand has spurned it to launch this bug bounty with special prices.

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Exploit Broker Zerodium Offers $1 Million for Tor Browser Zero-Days

Comments Filter:

"To IBM, 'open' means there is a modicum of interoperability among some of their equipment." -- Harv Masterson

Working...