
<html>

  <head>

    <meta content="text/html; charset=ISO-8859-1"

      http-equiv="Content-Type">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    <div class="moz-cite-prefix">That was a quote from the article that

      I wanted to highlight. I obviously did not write that (in case

      there is some confusion).<br>

      <br>

      -dave<br>

      <br>

      On 1/8/2014 4:08 PM, Dave Aitel wrote:<br>

    </div>

    <blockquote cite="mid:52CDBE49.2060604@immunityinc.com" type="cite">

      <meta http-equiv="Context-Type" content="text/html;

        charset=ISO-8859-1">

      <p><br>

        <a moz-do-not-send="true"

href="http://www.washingtonpost.com/world/national-security/nsa-considers-shifting-database-of-domestic-phone-logs-to-third-parties/2014/01/07/1df6b7f6-7718-11e3-8963-b4b654bcc9b2_story.html">http://www.washingtonpost.com/world/national-security/nsa-considers-shifting-database-of-domestic-phone-logs-to-third-parties/2014/01/07/1df6b7f6-7718-11e3-8963-b4b654bcc9b2_story.html</a><br>

        <br>

      </p>

      <p><strong>Should NSA point out holes?</strong></p>

      <p>Among the weapons in the NSA&#8217;s arsenal are &#8220;zero day&#8221; exploits,

        tools that take advantage of previously unknown vulnerabilities

        in software and hardware to break into a computer system. The

        panel recommended that U.S. policy aim to block zero-day attacks

        by having the NSA and other government agencies alert companies

        to vulnerabilities in their hardware and software. That

        recommendation has drawn praise from security experts such as

        Matt Blaze, a University of Pennsylvania computer scientist, who

        said it would allow software developers and vendors to patch

        their systems and protect consumers from attacks by others who

        may try to exploit the same vulnerabilities.</p>

      <p>&#8220;This is not to say that reporting a vulnerability means that

        NSA can&#8217;t also exploit it against their targets, only that their

        overall national security role means that their first

        responsibility must be to work to fix it,&#8221; Blaze said.</p>

      <p>But Schaeffer said: &#8220;You&#8217;re taking a potential weapon away from

        the very people we&#8217;re asking to protect the nation. Those people

        ought to be able to use their best technical professional

        judgment as to when it&#8217;s appropriate to alert industry that

        there&#8217;s a vulnerability.&#8221;</p>

      <br class="Apple-interchange-newline">

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

Dailydave mailing list

<a class="moz-txt-link-abbreviated" href="mailto:Dailydave@lists.immunityinc.com">Dailydave@lists.immunityinc.com</a>

<a class="moz-txt-link-freetext" href="https://lists.immunityinc.com/mailman/listinfo/dailydave">https://lists.immunityinc.com/mailman/listinfo/dailydave</a>

</pre>

    </blockquote>

    <br>

  </body>

</html>