Re: [Wikimedia-l] law enforcement buying vulnerabilities on black market leaving them unreported for surveillance

2013-08-20 Thread Seb35
I agree with JP Béland: computer security obviously affects the
Wikimedia users, but imho we shouldn't do more than we can, and should leave the
responsibility for their own security to the users -- although we should
contribute to decent security.


For the specific topic you brought up about 0-days, I'm not personally
surprised; this type of market was revealed some time ago, see for
instance
http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/.


~ Seb35


On Tue, 20 Aug 2013 07:30:09 +0200, JP Béland lebo.bel...@gmail.com wrote:

I'm not sure what your point is here. How exactly are readers of Wikimedia
projects at risk here because of that story? Are you trying to say it
is the Foundation's responsibility to protect the readers from the
vulnerabilities of their operating systems?

JP Béland



2013/8/19 James Salsman jsals...@gmail.com


While the trickling release of Edward Snowden's revelations from bad to
worse in weekly incremental steps has been enormously effective in swaying
public opinion, it has made formulating a meaningful response very
difficult.

A few weeks ago we learned that the FBI has been purchasing personal
computer operating system vulnerabilities from gray and black-hat hackers
on the black market, often for several tens of thousands of dollars each,
and leaving them unreported and thereby unpatched for use in future
surveillance operations:
http://blogs.wsj.com/digits/2013/08/01/how-the-fbi-hacks-criminal-suspects/

Unfortunately, this means that the vulnerabilities remain available to the
criminal computer crime underground, affecting everyone including
Foundation project readers and contributors alike.

Very recently a well respected group of researchers characterized this
state of affairs as preferable to the complexity of additional
surveillance network and systems infrastructure:
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2312107

This is a false dichotomy which directly places Foundation project readers
and editors at risk, but does so along with virtually everyone else who
uses personal computer or smartphone equipment. However, I think it is an
important aspect to address because none of the other recent eavesdropping
revelations put people at risk to organized computer crime, blackmail, and
extortion in the same way.

Is there any reason to exclude action on a particular issue just because it
affects everyone else along with our users?
___
Wikimedia-l mailing list
Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe


[Wikimedia-l] law enforcement buying vulnerabilities on black market leaving them unreported for surveillance

2013-08-19 Thread James Salsman
While the trickling release of Edward Snowden's revelations from bad to
worse in weekly incremental steps has been enormously effective in swaying
public opinion, it has made formulating a meaningful response very
difficult.

A few weeks ago we learned that the FBI has been purchasing personal
computer operating system vulnerabilities from gray and black-hat hackers
on the black market, often for several tens of thousands of dollars each,
and leaving them unreported and thereby unpatched for use in future
surveillance operations:
http://blogs.wsj.com/digits/2013/08/01/how-the-fbi-hacks-criminal-suspects/

Unfortunately, this means that the vulnerabilities remain available to the
criminal computer crime underground, affecting everyone including
Foundation project readers and contributors alike.

Very recently a well respected group of researchers characterized this
state of affairs as preferable to the complexity of additional
surveillance network and systems infrastructure:
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2312107

This is a false dichotomy which directly places Foundation project readers
and editors at risk, but does so along with virtually everyone else who
uses personal computer or smartphone equipment. However, I think it is an
important aspect to address because none of the other recent eavesdropping
revelations put people at risk to organized computer crime, blackmail, and
extortion in the same way.

Is there any reason to exclude action on a particular issue just because it
affects everyone else along with our users?

Re: [Wikimedia-l] law enforcement buying vulnerabilities on black market leaving them unreported for surveillance

2013-08-19 Thread JP Béland
I'm not sure what your point is here. How exactly are readers of Wikimedia
projects at risk here because of that story? Are you trying to say it
is the Foundation's responsibility to protect the readers from the
vulnerabilities of their operating systems?

JP Béland



2013/8/19 James Salsman jsals...@gmail.com

 While the trickling release of Edward Snowden's revelations from bad to
 worse in weekly incremental steps has been enormously effective in swaying
 public opinion, it has made formulating a meaningful response very
 difficult.

 A few weeks ago we learned that the FBI has been purchasing personal
 computer operating system vulnerabilities from gray and black-hat hackers
 on the black market, often for several tens of thousands of dollars each,
 and leaving them unreported and thereby unpatched for use in future
 surveillance operations:
 http://blogs.wsj.com/digits/2013/08/01/how-the-fbi-hacks-criminal-suspects/

 Unfortunately, this means that the vulnerabilities remain available to the
 criminal computer crime underground, affecting everyone including
 Foundation project readers and contributors alike.

 Very recently a well respected group of researchers characterized this
 state of affairs as preferable to the complexity of additional
 surveillance network and systems infrastructure:
 http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2312107

 This is a false dichotomy which directly places Foundation project readers
 and editors at risk, but does so along with virtually everyone else who
 uses personal computer or smartphone equipment. However, I think it is an
 important aspect to address because none of the other recent eavesdropping
 revelations put people at risk to organized computer crime, blackmail, and
 extortion in the same way.

 Is there any reason to exclude action on a particular issue just because it
 affects everyone else along with our users?