[Dailydave] Neal Stephenson, the EFF and Exploit Sales

Adriel T. Desautels adriel at netragard.com
Tue Aug 14 15:19:31 EDT 2012


We just published an article that counters a lot of the FUD surrounding
zero-day exploits, risks and sales.  Granted it's not 100% on topic but I
think there are some aspects of it that are. Feel free to give it a read
(or not).

http://pentest.netragard.com/2012/08/13/selling-zero-days-doesnt-increase-your-risk-heres-why/


On 8/14/12 1:09 PM, Loose Tweets wrote:
>> I get it now! If we just patch *all* the bugs, then there will be no
>> bugs left for anyone else to exploit. Guys, this is brilliant. How did
>> we get scooped by a few lawyers at the EFF when we've been working on
>> this for years?
> It seems that people continue to misunderstand my earlier point
> (https://twitter.com/0xcharlie/status/235402152716152834), so let me
> re-iterate it without also attempting to troll.
>
> It is a widely held assumption by people who are not on the front
> lines of defense that increased access to vulnerability information
> will make everyone more secure.
>
>> Setting aside the question of who gets to make the 'bad regime'
>> determination... from everything we know, that's just crap. They send
>> their targets stock malware and say 'please install by clicking on
>> this photo, love, er... not the government, srsly'. Or, they leverage
>> the fact that they have physical access to the carrier, the internet
>> cafes and so forth. (Or probably they just use humint cause it's
>> easier). What those guys really need is better opsec, and I hope they
>> continue to get it.[2]
> ...
>> As others have said, let's go after the _real_ tools used by 'bad
>> regimes', wherever in the world they may hide! Let's see, we need
>> Metasploit, Backtrack, FinFisher, Northrop, Raytheon, EnCase, the
>> Root CAs, BlueCoat, Cisco, Nortel (for the LI capacity in their
>> carrier gear)... Oh wait, most of those guys have lobbyists, forget
>> it.
> Does it? Does increased access to vulnerability information solve any
> problems here or elsewhere? Further, how many vulnerabilities would we
> have to fix for it to have an impact on these threats?
>
> That the EFF has so blatantly forsaken their own beliefs is a problem,
> but of greater concern to me is that they appear to rely on snap
> decisions and emotional judgements rather than competency to do their
> jobs.
>
> I already had misgivings about the EFF's ability to represent my
> interests, but now I believe their incompetence may end up hindering
> the progress of privacy and security on the internet. I'm with Dave
> and I won't be giving even passive support to the EFF from this point
> forward.
>
> -LT
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
