[Dailydave] Neal Stephenson, the EFF and Exploit Sales

Loose Tweets loosetweets at gmail.com
Tue Aug 14 13:09:31 EDT 2012


> I get it now! If we just patch *all* the bugs, then there will be no
> bugs left for anyone else to exploit. Guys, this is brilliant. How did
> we get scooped by a few lawyers at the EFF when we've been working on
> this for years?

It seems that people continue to misunderstand my earlier point
(https://twitter.com/0xcharlie/status/235402152716152834), so let me
re-iterate it without also attempting to troll.

It is a widely held assumption by people who are not on the front
lines of defense that increased access to vulnerability information
will make everyone more secure.

> Setting aside the question of who gets to make the 'bad regime'
> determination... from everything we know, that's just crap. They send
> their targets stock malware and say 'please install by clicking on
> this photo, love, er... not the government, srsly'. Or, they leverage
> the fact that they have physical access to the carrier, the internet
> cafes and so forth. (Or probably they just use humint cause it's
> easier). What those guys really need is better opsec, and I hope they
> continue to get it.[2]
...
> As others have said, let's go after the _real_ tools used by 'bad
> regimes', wherever in the world they may hide! Let's see, we need
> Metasploit, Backtrack, FinFisher, Northrop, Raytheon, EnCase, the
> Root CAs, BlueCoat, Cisco, Nortel (for the LI capacity in their
> carrier gear)... Oh wait, most of those guys have lobbyists, forget
> it.

Does it? Does increased access to vulnerability information solve any
problems here or elsewhere? Further, how many vulnerabilities would we
have to fix for it to have an impact on these threats?

That the EFF has so blatantly forsaken their own beliefs is a problem,
but of greater concern to me is that they appear to rely on snap
decisions and emotional judgements rather than competency to do their
jobs.

I already had misgivings about the EFF's ability to represent my
interests, but now I believe their incompetence may end up hindering
the progress of privacy and security on the internet. I'm with Dave
and I won't be giving even passive support to the EFF from this point
forward.

-LT

