“The software and services that Hacking Team sells provide the means for its government and law enforcement clients to break into and even control computers remotely through the internet. The huge leak of the firm’s company data also revealed details of previously unknown vulnerabilities in software that could be exploited to provide ways of hacking computers – known as zero-day vulnerabilities because the software’s manufacturer has no time to fix the problem.
Hacking Team didn’t discover most of these exploits – they bought them from hackers who found them, keeping them secret for use in their products. Perhaps this is why a security firm such as Hacking Team becomes a tempting target for criminals, as a concentrated source of zero-day exploits.
Zero-day vulnerabilities are great news for criminals. Three of these vulnerabilities were in Flash, and some of those revealed in the leaked documents appeared in attack kits available online within hours – faster than the developers of the affected programs could fix the holes, let alone distribute the updates to millions of users worldwide.
The Flash plugin is notorious for being riddled with security flaws and other shortcomings. Yet it’s also one of the most popular pieces of software on the planet. So what will it take to kill it?”
Read more at phys.org [opinion]