Dailydave mailing list archives
Re: Neal Stephenson, the EFF and Exploit Sales
From: Loose Tweets <loosetweets () gmail com>
Date: Tue, 14 Aug 2012 13:09:31 -0400
I get it now! If we just patch *all* the bugs, then there will be no bugs left for anyone else to exploit. Guys, this is brilliant. How did we get scooped by a few lawyers at the EFF when we've been working on this for years?
It seems that people continue to misunderstand my earlier point (https://twitter.com/0xcharlie/status/235402152716152834), so let me re-iterate it without also attempting to troll. It is a widely held assumption by people who are not on the front lines of defense that increased access to vulnerability information will make everyone more secure.
Setting aside the question of who gets to make the 'bad regime' determination... from everything we know, that's just crap. They send their targets stock malware and say 'please install by clicking on this photo, love, er... not the government, srsly'. Or, they leverage the fact that they have physical access to the carrier, the internet cafes and so forth. (Or probably they just use humint cause it's easier). What those guys really need is better opsec, and I hope they continue to get it.[2]
...
As others have said, let's go after the _real_ tools used by 'bad regimes', wherever in the world they may hide! Let's see, we need Metasploit, Backtrack, FinFisher, Northropp, Raytheon, EnCase, the Root CAs, BlueCoat, Cisco, Nortel (for the LI capacity in their carrier gear)... Oh wait, most of those guys have lobbyists, forget it.
Does it? Does increased access to vulnerability information solve any problems here or elsewhere? Further, how many vulnerabilities would we have to fix for it to have an impact on these threats? That the EFF has so blatantly forsaken their own beliefs is a problem, but of greater concern to me is that they appear to rely on snap decisions and emotional judgements rather than competency to do their jobs. I already had misgivings about the EFF's ability to represent my interests, but now I believe their incompetence may end up hindering the progress of privacy and security on the internet. I'm with Dave and I won't be giving even passive support to the EFF from this point forward. -LT _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Re: Neal Stephenson, the EFF and Exploit Sales, (continued)
- Re: Neal Stephenson, the EFF and Exploit Sales Michal Zalewski (Aug 14)
- Re: Neal Stephenson, the EFF and Exploit Sales Don Bailey (Aug 13)
- Re: Neal Stephenson, the EFF and Exploit Sales Christian Heinrich (Aug 13)
- Re: Neal Stephenson, the EFF and Exploit Sales Tracy Reed (Aug 13)
- Re: Neal Stephenson, the EFF and Exploit Sales Adam Shostack (Aug 14)
- Re: Neal Stephenson, the EFF and Exploit Sales Haroon Meer (Aug 14)
- Re: Neal Stephenson, the EFF and Exploit Sales Rich Mogull (Aug 17)
- Re: Neal Stephenson, the EFF and Exploit Sales Mary Landesman (Aug 14)
- Re: Neal Stephenson, the EFF and Exploit Sales David Maynor (Aug 14)
- Re: Neal Stephenson, the EFF and Exploit Sales Loose Tweets (Aug 10)
- Re: Neal Stephenson, the EFF and Exploit Sales Loose Tweets (Aug 14)
- Re: Neal Stephenson, the EFF and Exploit Sales Adriel T. Desautels (Aug 14)
- Re: Neal Stephenson, the EFF and Exploit Sales Michal Zalewski (Aug 15)
- Re: Neal Stephenson, the EFF and Exploit Sales Adriel T. Desautels (Aug 15)
- Re: Neal Stephenson, the EFF and Exploit Sales Michal Zalewski (Aug 15)
- Re: Neal Stephenson, the EFF and Exploit Sales Adriel T. Desautels (Aug 15)
- Re: Neal Stephenson, the EFF and Exploit Sales Bas Alberts (Aug 16)
- Re: Neal Stephenson, the EFF and Exploit Sales Tracy Reed (Aug 17)
- Re: Neal Stephenson, the EFF and Exploit Sales Daniel Margolis (Aug 17)
- Re: Neal Stephenson, the EFF and Exploit Sales Loose Tweets (Aug 14)
- Re: Neal Stephenson, the EFF and Exploit Sales Dr. Sandro Gaycken (Aug 15)
- Re: Neal Stephenson, the EFF and Exploit Sales Ben Nagy (Aug 16)