{"id":2027,"date":"2013-06-06T12:17:53","date_gmt":"2013-06-06T16:17:53","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=2027"},"modified":"2020-02-26T18:57:22","modified_gmt":"2020-02-26T14:57:22","slug":"exploit","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/exploit\/2027\/","title":{"rendered":"What is an Exploit?"},"content":{"rendered":"<p>If Achilles\u2019s heel was his vulnerability in the Iliad, then Paris\u2019s poison tipped arrow was the exploit. Quite literally, an exploit is the device or \u2013 more often than not \u2013 the method through which an attacker takes advantage of an existing vulnerability in any sort of hardware or software system.<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2013\/06\/05113438\/exploit_title.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2028 aligncenter\" alt=\"exploit_title\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2013\/06\/05113438\/exploit_title.jpg\" width=\"640\" height=\"420\"><\/a><\/p>\n<p>A vulnerability is a weakness. Sometimes these are bugs that arise from honest mistakes made by programmers in the product development lifecycle. Sometimes vulnerabilities are introduced into products intentionally in order to allow \u2018backdoor\u2019 access to a product after it has been shipped off to the user. Oftentimes, perhaps most often, they are inevitable byproducts of innovation.<\/p>\n<p>Essentially, as hackers get better tools and learn more and as computers become more powerful, processes and practices that were once considered secure become obsolete.<\/p>\n<div class=\"pullquote\">It\u2019s important to note though that of all vulnerabilities, only a small percentage are dangerous or maliciously useful.<\/div>\n<p>Think of it like traditional security: before the advent of gun powder, a castle was a nearly impenetrable defense. You build a moat and fill it with alligators (though most people couldn\u2019t swim at the time so alligators may have been a bit excessive) and you pull up the drawbridge when an attacker comes along and you\u2019re kingdom is pretty safe. Then came gun powder and one thing led to another and now an invader can easily lob a cruise missile inside your castle walls and there is precious little that a drawbridge, stone walls, or a moat can do about it.<\/p>\n<p>It\u2019s important to note though that of all vulnerabilities, only a small percentage are dangerous or maliciously useful. Many vulnerabilities are cause for annoyance, like crashes or reboots, and little more. On the other side of the spectrum, there are countless dangerous vulnerabilities that exist but are nearly impossible or just too expensive to exploit. The only vulnerabilities that are of any real value to most attackers are those that allow for remote code execution, which could let an attacker execute malicious code, or escalation of privileges, which essentially gives an attacker all the same rights as a user or admin.<\/p>\n<p>Vulnerabilities are ever-present. I <a href=\"https:\/\/me-en.kaspersky.com\/blog\/patch-tuesday-closes-vulnerabilities\/\" target=\"_blank\" rel=\"noopener\">install patches<\/a> as soon as I can for everything I use. Despite this, I am writing this story right now in a vulnerable Microsoft Word, on a vulnerable Windows machine, with countless tabs opened in a vulnerable <a href=\"https:\/\/me-en.kaspersky.com\/blog\/alternative-browsers\/\" target=\"_blank\" rel=\"noopener\">browser<\/a>. Vulnerabilities are always there, it\u2019s just a matter of whether or not anyone has discovered and developed exploits to take advantage of them.<\/p>\n<p>When you think about it, in the computing context, both \u2018vulnerability\u2019 and \u2018exploit\u2019 mean just exactly what they mean in the larger context. The complicated part is explaining how a specific vulnerability came to exist and what an attacker actually does to exploit it.<\/p>\n<p>In phishing attacks, the vulnerability and the exploit are simple. The vulnerability is human gullibility or our tendency toward naivet\u00e9 and the exploit is a convincingly worded email.<\/p>\n<p>The reality is that vulnerabilities are always out there \u2013 known and unknown \u2013 and always will be. Your best recourse is simple: try not to be the weakest gazelle on the savannah. Install your updates, run <a href=\"https:\/\/usa.kaspersky.com\/products-services\/home-computer-security\/internet-security\" target=\"_blank\" rel=\"noopener\">a strong antivirus product<\/a>, <a href=\"https:\/\/me-en.kaspersky.com\/blog\/how-to-stay-secure-while-traveling-abroad\/\" target=\"_blank\" rel=\"noopener\">avoid public Wi-Fi<\/a>, don\u2019t open sketchy email attachments, and, in general, <a href=\"https:\/\/me-en.kaspersky.com\/blog\/five-popular-spam-scams\/\" target=\"_blank\" rel=\"noopener\">browse smartly<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If Achilles\u2019s heel was his vulnerability in the Iliad, then Paris\u2019s poison tipped arrow was the exploit. Quite literally, an exploit is the device or \u2013 more often than not<\/p>\n","protected":false},"author":42,"featured_media":2029,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1486],"tags":[78,258],"class_list":{"0":"post-2027","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-hackers","9":"tag-vulnerabilties"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/exploit\/2027\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/exploit\/2027\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/exploit\/2027\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/exploit\/2027\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/exploit\/997\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/exploit\/2027\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/exploit\/997\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/exploit\/2027\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/exploit\/2027\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/hackers\/","name":"hackers"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2027","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=2027"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2027\/revisions"}],"predecessor-version":[{"id":15561,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2027\/revisions\/15561"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/2029"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=2027"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=2027"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=2027"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}