Re: An Examination of Zerodium's Price Chart

2017-02-10 Thread John Newman


On February 10, 2017 10:57:27 AM EST, Ryan Carboni wrote:
>>
>> I am not sure you depict the situation correctly.
>> The colourful image with these prices writes *UP TO $X* and clearly
>> there is great difference between $X and "up to $X".
>> Appears to me marketoid trick like the spam advertisements on
>> non-internet media: "product/service X prevents you from Y *UP TO 100%*".
>>
>>
>And Data Encryption Standard has up to 56-bits of security, depending on
>luck.

Yeesh, don't use DES! Don't use 3DES for that matter, if you can avoid it..



Re: An Examination of Zerodium's Price Chart

2017-02-10 Thread Ryan Carboni
>
> I am not sure you depict the situation correctly.
> The colourful image with these prices writes *UP TO $X* and clearly
> there is great difference between $X and "up to $X".
> Appears to me marketoid trick like the spam advertisements on
> non-internet media: "product/service X prevents you from Y *UP TO 100%*".
>
>
And Data Encryption Standard has up to 56-bits of security, depending on
luck.


Re: An Examination of Zerodium's Price Chart

2017-02-10 Thread Georgi Guninski
On Fri, Feb 10, 2017 at 04:05:54AM -0800, Ryan Carboni wrote:
> https://www.zerodium.com/program.html
> 
> To remotely jailbreak iOS is worth one and a half million dollars.
> 
> To break OpenSSL, $50,000.
> 
> To hack your antivirus program, $40,000.
> 
> To hack Tor Browser, $30,000.
> 
> To hack flash player, $100,000.
>

I am not sure you depict the situation correctly.
The colourful image with these prices writes *UP TO $X* and clearly
there is great difference between $X and "up to $X".
Appears to me marketoid trick like the spam advertisements on
non-internet media: "product/service X prevents you from Y *UP TO 100%*".


An Examination of Zerodium's Price Chart

2017-02-10 Thread Ryan Carboni
https://www.zerodium.com/program.html

To remotely jailbreak iOS is worth one and a half million dollars.

To break OpenSSL, $50,000.

To hack your antivirus program, $40,000.

To hack Tor Browser, $30,000.

To hack flash player, $100,000.

It appears the only secure way to access the internet is using iOS, but
only to connect to static websites hosted by other smartphones, using
(probably) PolarSSL.

I recommend reading Personal Privacy in an Information Society, written in
1977.


> A recently publicized example of a government information system with
> inadequate security involved the computer and telecommunications system,
> SSADARS, which connects private insurance companies acting as Medicare
> intermediaries for the government with the Social Security Administration
> (SSA) data file. The Social Security Administration reported at the
> Commission hearings on Medical Records in July 1976 that its longstanding
> policy of protecting the confidentiality of individually identifiable
> information in its files had been adequately carried out in its
> administrative and technical safeguards. On October 23, 1976, however, SSA
> announced that it had discovered that it was mistaken in its belief that
> there was "no way the Medicare intermediaries and carriers can use their
> telecommunications system to gain access to the files used to administer"
> other SSA programs. SSA staff found that the SSADARS terminals installed in
> the offices of two intermediaries could have been altered relatively
> easily, thereby permitting access to files other than the Medicare
> eligibility files the intermediaries needed to see. Although no actual
> access to other SSA program information is believed to have occurred, the
> technical safeguards to assure the confidentiality of information in the
> SSADARS system were not as effective as SSA had thought.


In fact, all the problems in our modern day have been predicted long
before CFAA and WarGames (the movie) were ever put to paper.


The fact that no action has been taken is alarming in itself, and
indicative of some sort of mass undiagnosed neurological disease.