Anti-security company VUPEN claims to have broken Windows 8 & Explorer 10, will sell exploits to cops, governments & wiretapping vendors

VUPEN is an anti-security company that roots out vulnerabilities in common operating systems and programs and sells these vulnerabilities to governments, police forces and others who want to use them to build malicious software to let them spy on people (we've written about them before). Now they claim to have found vulnerabilities in Windows 8 and Internet Explorer 10, and have put these up for sale to customers who want to use them to hijack other people's computers.

Security firm VUPEN claims to have hacked Windows 8 and IE10 (via /.)


  1. They have done Microsoft’s debugging work for them. Redmond just needs to cut them a check, fix the bugs, and move on. Free market at its finest!

      1.  But what about the costs imposed by tarnishing the brand…

        …sorry, couldn’t finish that with a straight face.

    1. unfortunately that’s not how VUPEN works. they aren’t a security company, they’re not interested in improving anyone’s security, they’re an anti-security company as mentioned in the post. they make it their policy to not sell the information to the affected vendors. they’ve realized that that hurts their bottom line. they can make more money by:

      1) selling to governments

      2) selling the same thing to multiple parties

      3) not invalidating the value of the exploit by helping the vendor fix the problem (an exploit with a long life has more value to people who want to use it to attack others than one that gets fixed in a few hours/days/weeks/months).

  2. Assuming that this information they are selling could reasonably be used to break into computers with some copyrighted content (oooooh!), they are breaking the law, specifically that part of the DMCA that deals with “Distribution of Circumvention Tools”.  See here

    (2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that—
    (A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;

    Granted the DMCA sucks, but as long as it’s still on the books, why not apply it here and actually make it do some good for society?
