While this whole thing about Edward Snowden, the NSA, privacy, and all other interesting meme’s have been flying about for almost a year now, I found this story rather interesting:
http://www.nytimes.com/2014/01/07/us/burglars-who-took-on-fbi-abandon-shadows.html?_r=0 Just thought that while everyone debates these interesting targets from a technical perspective, zero-day and weaponize clandestine operations in the world of cyber, I thought this article took us back to a ‘simpler’ time. Simple from a consumer standpoint anyway. It’s also intereting to see the cyclical nature o these things. I’m not passing judgement nor am I lawyer. Fascinating however. So while clicking the link, I just want to say, relevant. On Jan 8, 2014, at 4:08 PM, Dave Aitel <[email protected]> wrote: > > http://www.washingtonpost.com/world/national-security/nsa-considers-shifting-database-of-domestic-phone-logs-to-third-parties/2014/01/07/1df6b7f6-7718-11e3-8963-b4b654bcc9b2_story.html > > Should NSA point out holes? > > Among the weapons in the NSA’s arsenal are “zero day” exploits, tools that > take advantage of previously unknown vulnerabilities in software and hardware > to break into a computer system. The panel recommended that U.S. policy aim > to block zero-day attacks by having the NSA and other government agencies > alert companies to vulnerabilities in their hardware and software. That > recommendation has drawn praise from security experts such as Matt Blaze, a > University of Pennsylvania computer scientist, who said it would allow > software developers and vendors to patch their systems and protect consumers > from attacks by others who may try to exploit the same vulnerabilities. > > “This is not to say that reporting a vulnerability means that NSA can’t also > exploit it against their targets, only that their overall national security > role means that their first responsibility must be to work to fix it,” Blaze > said. > > But Schaeffer said: “You’re taking a potential weapon away from the very > people we’re asking to protect the nation. Those people ought to be able to > use their best technical professional judgment as to when it’s appropriate to > alert industry that there’s a vulnerability.” > > > _______________________________________________ > Dailydave mailing list > [email protected] > https://lists.immunityinc.com/mailman/listinfo/dailydave
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
