<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<font face="Arial">Oh I think it has the potential to cause harm,
especially in the wrong hands... which is why I think that the
zero-day exploit market should be regulated. We're selling
bullets and computers are the guns, there's no doubting that.
That is why when we sell we are so selective. <br>
<br>
We do our best to keep these tools in the right hands (being a
matter of perspective of course). And really, that's the most
anyone can do right? <br>
<br>
What sorts of 0-day's are you seeing? I'm very interested. <br>
<br>
</font>
<div class="moz-cite-prefix">On 8/14/12 5:33 PM, Michal Zalewski
wrote:<br>
</div>
<blockquote
cite="mid:CALx_OUBJ=9XBdKsC9hyJwXu1fzUjZcCRJ-cfhvFdMRdZbG4HQA@mail.gmail.com"
type="cite">
<blockquote type="cite">
<pre wrap="">How can anyone expect to protect themselves from zero-day's if they can't
protect themselves from known issues for which patches / fixes already
exist?
</pre>
</blockquote>
<pre wrap="">
I generally agree, and that's why I think the APT rhetoric is somewhat harmful:
<a class="moz-txt-link-freetext" href="http://lcamtuf.blogspot.com/2011/02/world-of-hbgary.html">http://lcamtuf.blogspot.com/2011/02/world-of-hbgary.html</a>
But you know, I'm also working for a company that happens to be
routinely targeted by 0-days - so I disagree with the argument that
0-day trade has no potential to cause harm.
/mz
</pre>
</blockquote>
<br>
</body>
</html>