<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div><div>While this whole thing about Edward Snowden, the NSA, privacy, and all other interesting meme’s have been flying about for almost a year now, I found this story rather interesting:</div><div><br></div><div><a href="http://www.nytimes.com/2014/01/07/us/burglars-who-took-on-fbi-abandon-shadows.html?_r=0">http://www.nytimes.com/2014/01/07/us/burglars-who-took-on-fbi-abandon-shadows.html?_r=0</a></div><div><br></div><div>Just thought that while everyone debates these interesting targets from a technical perspective, zero-day and weaponize clandestine operations in the world of cyber, I thought this article took us back to a ‘simpler’ time. Simple from a consumer standpoint anyway. It’s also intereting to see the cyclical nature o these things. I’m not passing judgement nor am I lawyer. Fascinating however. So while clicking the link, I just want to say, relevant. </div><div><br></div><div>On Jan 8, 2014, at 4:08 PM, Dave Aitel <<a href="mailto:dave@immunityinc.com">dave@immunityinc.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
<div text="#000000" bgcolor="#FFFFFF"><p style="margin: 0px 0px 22px; padding: 0px; font-size: 1.5em; line-height: 1.5em; font-family: Georgia, serif; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);"><br>
<a href="http://www.washingtonpost.com/world/national-security/nsa-considers-shifting-database-of-domestic-phone-logs-to-third-parties/2014/01/07/1df6b7f6-7718-11e3-8963-b4b654bcc9b2_story.html">http://www.washingtonpost.com/world/national-security/nsa-considers-shifting-database-of-domestic-phone-logs-to-third-parties/2014/01/07/1df6b7f6-7718-11e3-8963-b4b654bcc9b2_story.html</a><br>
<br>
</p><p style="margin: 0px 0px 22px; padding: 0px; font-size: 1.5em; line-height: 1.5em; font-family: Georgia, serif; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);"><strong style="font-weight:
bold;">Should NSA point out holes?</strong></p><p style="margin: 0px 0px 22px; padding: 0px; font-size: 1.5em; line-height: 1.5em; font-family: Georgia, serif; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);">Among the weapons in the
NSA’s arsenal are “zero day” exploits, tools that take advantage
of previously unknown vulnerabilities in software and hardware to
break into a computer system. The panel recommended that U.S.
policy aim to block zero-day attacks by having the NSA and other
government agencies alert companies to vulnerabilities in their
hardware and software. That recommendation has drawn praise from
security experts such as Matt Blaze, a University of Pennsylvania
computer scientist, who said it would allow software developers
and vendors to patch their systems and protect consumers from
attacks by others who may try to exploit the same vulnerabilities.</p><p style="margin: 0px 0px 22px; padding: 0px; font-size: 1.5em; line-height: 1.5em; font-family: Georgia, serif; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);">“This is not to say that
reporting a vulnerability means that NSA can’t also exploit it
against their targets, only that their overall national security
role means that their first responsibility must be to work to fix
it,” Blaze said.</p><p style="margin: 0px 0px 22px; padding: 0px; font-size: 1.5em; line-height: 1.5em; font-family: Georgia, serif; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);">But Schaeffer said: “You’re
taking a potential weapon away from the very people we’re asking
to protect the nation. Those people ought to be able to use their
best technical professional judgment as to when it’s appropriate
to alert industry that there’s a vulnerability.”</p>
<br class="Apple-interchange-newline">
</div>
_______________________________________________<br>Dailydave mailing list<br><a href="mailto:Dailydave@lists.immunityinc.com">Dailydave@lists.immunityinc.com</a><br>https://lists.immunityinc.com/mailman/listinfo/dailydave<br></blockquote></div><br></body></html>