That's really interesting, it's not governments accessing data that bothers you, it really is literally the implementation details of that access. I guess that answers my question!
I think that is a fair summation of my position; one is at scale and largely impossible to defend against (legally compelling) especially on a global scale and the other is natural law and impossible to prevent.
I understand, but the counter argument would be there's no way for a government to hoard 0day without putting innocent people at risk (because you can't prevent other people discovering bugs and abusing them). This is why I don't like governments using 0day.
if you can't sell your vulnerabilities to governments, aren't there fewer people looking for them now? so the bugs still aren't getting fixed.
Replying to @saleemrash1d @taviso and
there's also an argument to be made that for each time anyone uses an 0day, the risk of 0day being caught ITW increases.
Replying to @qwertyoruiopz @saleemrash1d and
(so governments making use of 0day might even be a net security positive vs 0days staying dormant until criminals make use of them)
Replying to @qwertyoruiopz @saleemrash1d and
I dunno, it's a pretty weak argument, the victim can detect it and then use it to attack other people. That has really happened, e.g. Shadow Brokers.
Replying to @taviso @saleemrash1d and
are entities capable of detecting use of such 0day really unable to procure 0day on their own anyway?
Replying to @qwertyoruiopz @saleemrash1d and
In some cases, sure - hard to imagine some terrorist in a cave has access to a 0day broker. To be clear, I absolutely think the military should be able to get access to comms equipment of dangerous people, but... not by putting innocent people at risk.
Replying to @taviso @qwertyoruiopz and
How does that happen without 0-day?
Infiltrate cells with undercover spies, supply chain attacks, drop someone out of a helicopter with night vision goggles and steal it? The military has effectively unlimited resources.
Replying to @taviso @qwertyoruiopz and
0day can be effective and remote and avoiding risk to human life, effectively unlimited or not.