Home page logo
/

dailydave logo Dailydave mailing list archives

Re: Various things people say.
From: Dave Aitel <dave () immunityinc com>
Date: Wed, 08 Jan 2014 16:34:13 -0500

That was a quote from the article that I wanted to highlight. I
obviously did not write that (in case there is some confusion).

-dave

On 1/8/2014 4:08 PM, Dave Aitel wrote:


http://www.washingtonpost.com/world/national-security/nsa-considers-shifting-database-of-domestic-phone-logs-to-third-parties/2014/01/07/1df6b7f6-7718-11e3-8963-b4b654bcc9b2_story.html

*Should NSA point out holes?*

Among the weapons in the NSA's arsenal are "zero day" exploits, tools
that take advantage of previously unknown vulnerabilities in software
and hardware to break into a computer system. The panel recommended
that U.S. policy aim to block zero-day attacks by having the NSA and
other government agencies alert companies to vulnerabilities in their
hardware and software. That recommendation has drawn praise from
security experts such as Matt Blaze, a University of Pennsylvania
computer scientist, who said it would allow software developers and
vendors to patch their systems and protect consumers from attacks by
others who may try to exploit the same vulnerabilities.

"This is not to say that reporting a vulnerability means that NSA
can't also exploit it against their targets, only that their overall
national security role means that their first responsibility must be
to work to fix it," Blaze said.

But Schaeffer said: "You're taking a potential weapon away from the
very people we're asking to protect the nation. Those people ought to
be able to use their best technical professional judgment as to when
it's appropriate to alert industry that there's a vulnerability."




_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]