<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">That was a quote from the article that
I wanted to highlight. I obviously did not write that (in case
there is some confusion).<br>
<br>
-dave<br>
<br>
On 1/8/2014 4:08 PM, Dave Aitel wrote:<br>
</div>
<blockquote cite="mid:52CDBE49.2060604@immunityinc.com" type="cite">
<meta http-equiv="Context-Type" content="text/html;
charset=ISO-8859-1">
<p><br>
<a moz-do-not-send="true"
href="http://www.washingtonpost.com/world/national-security/nsa-considers-shifting-database-of-domestic-phone-logs-to-third-parties/2014/01/07/1df6b7f6-7718-11e3-8963-b4b654bcc9b2_story.html">http://www.washingtonpost.com/world/national-security/nsa-considers-shifting-database-of-domestic-phone-logs-to-third-parties/2014/01/07/1df6b7f6-7718-11e3-8963-b4b654bcc9b2_story.html</a><br>
<br>
</p>
<p><strong>Should NSA point out holes?</strong></p>
<p>Among the weapons in the NSA’s arsenal are “zero day” exploits,
tools that take advantage of previously unknown vulnerabilities
in software and hardware to break into a computer system. The
panel recommended that U.S. policy aim to block zero-day attacks
by having the NSA and other government agencies alert companies
to vulnerabilities in their hardware and software. That
recommendation has drawn praise from security experts such as
Matt Blaze, a University of Pennsylvania computer scientist, who
said it would allow software developers and vendors to patch
their systems and protect consumers from attacks by others who
may try to exploit the same vulnerabilities.</p>
<p>“This is not to say that reporting a vulnerability means that
NSA can’t also exploit it against their targets, only that their
overall national security role means that their first
responsibility must be to work to fix it,” Blaze said.</p>
<p>But Schaeffer said: “You’re taking a potential weapon away from
the very people we’re asking to protect the nation. Those people
ought to be able to use their best technical professional
judgment as to when it’s appropriate to alert industry that
there’s a vulnerability.”</p>
<br class="Apple-interchange-newline">
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Dailydave mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Dailydave@lists.immunityinc.com">Dailydave@lists.immunityinc.com</a>
<a class="moz-txt-link-freetext" href="https://lists.immunityinc.com/mailman/listinfo/dailydave">https://lists.immunityinc.com/mailman/listinfo/dailydave</a>
</pre>
</blockquote>
<br>
</body>
</html>