Home page logo
/

dailydave logo Dailydave mailing list archives

Re: Various things people say.
From: Moses Hernandez <moses () moses io>
Date: Wed, 8 Jan 2014 17:14:40 -0500

While this whole thing about Edward Snowden, the NSA, privacy, and all other interesting meme’s have been flying about 
for almost a year now, I found this story rather interesting:

http://www.nytimes.com/2014/01/07/us/burglars-who-took-on-fbi-abandon-shadows.html?_r=0

Just thought that while everyone debates these interesting targets from a technical perspective, zero-day and weaponize 
clandestine operations in the world of cyber, I thought this article took us back to a ‘simpler’ time. Simple from a 
consumer standpoint anyway. It’s also intereting to see the cyclical nature o these things. I’m not passing judgement 
nor am I lawyer. Fascinating however. So while clicking the link, I just want to say, relevant. 

On Jan 8, 2014, at 4:08 PM, Dave Aitel <dave () immunityinc com> wrote:


http://www.washingtonpost.com/world/national-security/nsa-considers-shifting-database-of-domestic-phone-logs-to-third-parties/2014/01/07/1df6b7f6-7718-11e3-8963-b4b654bcc9b2_story.html

Should NSA point out holes?

Among the weapons in the NSA’s arsenal are “zero day” exploits, tools that take advantage of previously unknown 
vulnerabilities in software and hardware to break into a computer system. The panel recommended that U.S. policy aim 
to block zero-day attacks by having the NSA and other government agencies alert companies to vulnerabilities in their 
hardware and software. That recommendation has drawn praise from security experts such as Matt Blaze, a University of 
Pennsylvania computer scientist, who said it would allow software developers and vendors to patch their systems and 
protect consumers from attacks by others who may try to exploit the same vulnerabilities.

“This is not to say that reporting a vulnerability means that NSA can’t also exploit it against their targets, only 
that their overall national security role means that their first responsibility must be to work to fix it,” Blaze 
said.

But Schaeffer said: “You’re taking a potential weapon away from the very people we’re asking to protect the nation. 
Those people ought to be able to use their best technical professional judgment as to when it’s appropriate to alert 
industry that there’s a vulnerability.”


_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]