Ever since he was released from prison, legendary hacker (and social engineering expert) Kevin Mitnick has spent much of his time helping companies protect against internet attacks. However, his security consulting work recently entered murky territory. He's now offering the Absolute Zero Day Exploit Exchange, a service that sells "exclusive" unpatched exploits to companies and governments for $100,000 or more. If you're willing to pay for a premium tier, you can even get notification the moment an exploit is available for a program you're interested in -- whether or not it's your own.
Mitnick is quick to tell Wired that his team is screening both the researchers and customers, and won't sell to either gangs or nosy governments. He knows first-hand what it's like to be on the wrong end of the law, after all. That doesn't necessarily guarantee that clients are on the up-and-up, however, and Mitnick adds that he isn't asking customers what they'll do with their purchases. While many may use the knowledge to patch vulnerabilities in their own software or that of their partners, there's a concern that others could use exploits for corporate espionage or other less-than-scrupulous activities. Hopefully, the high pricing and close scrutiny will limit the service to customers with good intentions.
[Image credit: Movistar Campus Party Mexico, Flickr]