<div dir="ltr">So FireEye went through an unknown process and now DHS is convinced their product is "effective" at stopping terrorists. I'm curious what the limitations of liability are with SAFETY. For example, do the protections still hold for customers that ignore the alerts that come from a functional FireEye installation (a la <a href="http://www.reuters.com/article/2014/03/13/us-target-breach-idUSBREA2C14F20140313">Target</a>)?</div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, May 1, 2015 at 10:53 AM, Andreas Lindh <span dir="ltr"><<a href="mailto:andreas@haxx.ml" target="_blank">andreas@haxx.ml</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA512<br>
<br>
So the DHS has certified FireEye's products as "Qualified<br>
Anti-Terrorism Technology", which in short means that if you get<br>
breached and the attack is considered an act of terrorism, it's not<br>
your fault. This is interesting for a couple of reasons, perhaps<br>
mainly because FE's products are not exactly known to be bullet proof<br>
(see for example <a href="https://www.youtube.com/watch?v=3vh2s9Pui0E" target="_blank">https://www.youtube.com/watch?v=3vh2s9Pui0E</a>), but<br>
also for the pure ridiculousness of the whole affair.<br>
<br>
<a href="http://www.csoonline.com/article/2916649/disaster-recovery/fireeye-custo
mers-get-liability-shield-thanks-to-safety-act.html" target="_blank">http://www.csoonline.com/article/2916649/disaster-recovery/fireeye-custo<br>
mers-get-liability-shield-thanks-to-safety-act.html</a><br>
<br>
<br>
The way I see it, this development is likely to lead to a couple of<br>
things:<br>
<br>
1. Everyone who gets breached and that has a FireEye box will cry "ACT<br>
OF TERRORISM", which of course is exactly what the world needs.<br>
<br>
2. FireEye will make a *lot* of money.<br>
<br>
3. Terrorists won't care.<br>
<br>
Thoughts?<br>
<br>
Andreas<br>
<br>
<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)<br>
Comment: GPGTools - <a href="http://gpgtools.org" target="_blank">http://gpgtools.org</a><br>
<br>
iQIcBAEBCgAGBQJVQ5NvAAoJEI415gQuBbe00tgQANJ22UzyZLEgHANOztT3pjYK<br>
p6cdwBLy7hJh/jR88mWR1EZ4rXcLi84nPKVNmxCMUALYOgGGvHffz4hWXKysze67<br>
u5cuXH/QAi9CtE5HyhxP4h13LMJzKxiU9tigbHIMv6rIMMxK4ox/KnBXn9CXKlkt<br>
edyBKPSGt+I2uKW1Pqtk8noCczq3oegJ58vTIs9CEs4ur+rC+ggdQ4rEbshdfDqs<br>
qcPTT9CH8Ve5ang2rrAW4nQUsSf4YUJ18YD44uXYA8yQ6WwtZJ6WRySlkoFJ8pJl<br>
VQMEByM0XJFsaxLu/5uCAU+y2HnDJdGvEsz44CNu07B44LX4E4jGRD+loxaiBhO3<br>
GCEeViSPbyzr4rSWD+h5D+rLXWqKSb9RWJOTOXC0JG0Ada96dQ31zLu2dJ0uNoTX<br>
udj9KCCnWXvMnnYEeGFAOiNtZidghSMxpw4WZIHMMhTwNxyzYQi74j/7TD1zh1IG<br>
x3OsILh+FUxACH4q+YxTGXjsQrgH7IsLsOVQyMu0KWJ1OgfqW4Wl6d+IxS+xU6eL<br>
fxRZuJnEOngGMQ81tWHHiDb4WpuVgrSGlCU7KHAJo6KP66Q080YZWr5ABO5++CX+<br>
BzBtiRO8l4nWxZrcs7lHAQyivcO4EQRCwmcPzArzDcO9jafHhGN2KRy24b+1z2v4<br>
m0Yz9TUlG0OXDnLVMzL2<br>
=mxi6<br>
-----END PGP SIGNATURE-----<br>
<br>
_______________________________________________<br>
Dailydave mailing list<br>
<a href="mailto:Dailydave@lists.immunityinc.com">Dailydave@lists.immunityinc.com</a><br>
<a href="https://lists.immunityinc.com/mailman/listinfo/dailydave" target="_blank">https://lists.immunityinc.com/mailman/listinfo/dailydave</a><br>
</blockquote></div><br></div>