(so governments making use of 0day might even be a net security positive vs 0days staying dormant until criminals make use of them)
Replying to @qwertyoruiopz @saleemrash1d and
I dunno, it's a pretty weak argument, the victim can detect it and then use it to attack other people. That has really happened, e.g. Shadow Brokers.
1 reply 0 retweets 6 likes -
Replying to @taviso @saleemrash1d and
are entities capable of detecting use of such 0day really unable to procure 0day on their own anyway?
3 replies 1 retweet 10 likes -
Replying to @qwertyoruiopz @saleemrash1d and
In some cases, sure - hard to imagine some terrorist in a cave has access to a 0day broker. To be clear, I absolutely think the military should be able to get access to comms equipment of dangerous people, but... not by putting innocent people at risk.
2 replies 0 retweets 4 likes -
Replying to @taviso @saleemrash1d and
is some terrorist in a cave able to detect use of 0day and re-weaponize it against others? seems far-fetched. and as long as governments aren't actively planting 0day, i'd assume innocent people were at risk the whole time anyway, but unaware.
3 replies 0 retweets 8 likes -
Replying to @qwertyoruiopz @taviso and
i think that 0day use eventually resulting in bugs being patched and making people overall safer as a side-effect is a more likely outcome than our hypothetical terrorist-in-a-cave catching 0day and turning them against innocent people outcome.
1 reply 0 retweets 4 likes -
Replying to @qwertyoruiopz @saleemrash1d and
It's a nice rationalization, but you can't prevent other people finding the same bug you did, and using it to support a cause that you would find objectionable. I thought your argument was that "maybe someone will see me exploiting it and fix it, so it's better than nothing"?
1 reply 0 retweets 2 likes -
Replying to @taviso @saleemrash1d and
my argument is a bit more than just that, but i do think the likelihood of this happening is higher than the likelihood of overall negative outcomes.
1 reply 0 retweets 2 likes -
Replying to @qwertyoruiopz @saleemrash1d and
Tavis Ormandy Retweeted Samuel Groß
We know for sure that independent rediscoveries happen, and even collide with in-the-wild exploits. Doesn't that prove it's more likely than your scenario of harmless while dormant exploits? Here's a recent example, https://twitter.com/5aelo/status/1143548622530895873 …
2 replies 0 retweets 3 likes -
Replying to @taviso @saleemrash1d and
you're assuming the bad guys wouldn't have found the vulnerabilities anyway, and you're assuming that the good guys know about *all* 0day.
1 reply 0 retweets 4 likes
I don't follow sorry, I don't see how I'm assuming that.
Replying to @taviso @saleemrash1d and
i replied to the wrong tweet with that one I think, oops
1 reply 0 retweets 1 like -
Replying to @qwertyoruiopz @saleemrash1d and
No worries, they're coming thick and fast haha
0 replies 0 retweets 1 like