Zero-Day Exploits

This cluster discusses zero-day vulnerabilities and exploits, focusing on their high value, hoarding by governments and agencies like the NSA, ethical concerns about disclosure versus stockpiling, and risks of use by nation-states.

📉 Falling 0.5x Security
Comments: 1,738 | Years Active: 18 | Top Authors: 5 | Topic ID: #1960

Activity Over Time

2009: 5
2010: 14
2011: 23
2012: 43
2013: 93
2014: 75
2015: 87
2016: 102
2017: 155
2018: 88
2019: 140
2020: 119
2021: 203
2022: 134
2023: 188
2024: 118
2025: 150
2026: 1

Keywords

WLAN AWS www.eff LockDown secure.com blogspot.com CAN NSA IP EFF zero day zero exploits days day exploit nsa vulnerabilities released disclose

Sample Comments

xadhominemx Oct 22, 2021

Why would they waste a zero day exploit on you?

realusername Jul 6, 2023

I doubt he's lying; those zero-day exploits are very expensive, and it's not like you want to burn them for investigating some small theft

catsdanxe Jun 17, 2020

They can potentially collect NSA zero days

rdtsc Nov 23, 2016

Any place which hoards 0-days is a prime target. Even if they are considered to be the "right hands", the "wrong hands" could grab those exploits eventually.

waifufucker Mar 7, 2017

by definition a zero day is unknown, if they detect that it's being used in the wild then they can easily trigger the software vendor to issue emergency patches or plant the story somewhere - hell, they can even release counter malware that can mitigate

they have absolutely no reason to reveal their inventory of zero daze; that's not to say they're not morally obligated to do so, but when have morals driven their actions?

knodi123 Jun 3, 2021

are there any companies hoarding 0days? I know the CIA does, but asking for ethical behavior from them seems like such a long-shot that it would make sense to decouple it from more achievable goals.

comboy Apr 9, 2021

If I were running an agency... You don't have to find many zero days. Just have enough. Huge backend of tools and network of contributors surely helps, but if 0-day is gone in Zoom, and say you don't have their explicit cooperation (which you totally can have) and you only have one, then it may not be such a worry if it is commonly used with other software that you can own. Besides that, there are tiers of 0-days, some of which you would not touch unless the target is exceptionally

v3ss0n Sep 2, 2023

This is assuming that zero-day exploits are always exposed in public. In reality, huge chunks of zero-day exploits are only in black hat and NSA hands.

johncessna Jan 3, 2023

As a guess, if you're the only one who knows about this, it's one hell of a zero day. Once used though, the cat is out of the bag and industry will race to patch it. Yes, it'll take time. If I were a country who could easily just drop bombs on people to cause destruction, then I'd rather leak something that I have no defense against in the hopes it gets patched rather than save it as a tool to use.

Ascetik Mar 6, 2019

Based on what I've read, the NSA and other white-hat organizations have access to 0-days or have discovered 0-days that can crack these things but they're not released to the public or if they are, they're released years later.