(so governments making use of 0day might even be a net security positive vs 0days staying dormant until criminals make use of them)
Replying to @qwertyoruiopz @saleemrash1d and
I dunno, it's a pretty weak argument, the victim can detect it and then use it to attack other people. That has really happened, e.g. Shadow Brokers.
1 reply 0 retweets 6 likes -
Replying to @taviso @saleemrash1d and
are entities capable of detecting use of such 0day really unable to procure 0day on their own anyway?
3 replies 1 retweet 10 likes -
Replying to @qwertyoruiopz @taviso and
There was an office 0day a few years ago. It was first detected in Pakistan, and then about a month later it was detected in India. The Pakistanis had caught it, and then repackaged with their own payload and sent back. It was only discovered after a third party got popped
1 reply 3 retweets 10 likes -
what's the rate at which this happens, and what's the rate at which exploits are found ITW by security companies that then kill them? I'd speculate that the latter is a lot more likely.
1 reply 0 retweets 2 likes -
Replying to @qwertyoruiopz @taviso and
I have no idea of the real numbers for either. I was offering it up as an amusing anecdote. I don’t think it is really relevant anyway. How does key escrow enable stuxnet? If it can’t, then how does key escrow replace 0day as tools for nation states?
2 replies 1 retweet 6 likes -
Replying to @thegrugq @qwertyoruiopz and
You order Microsoft to put a signed update on WSUS?
4 replies 0 retweets 3 likes -
In this scenario there is an increased risk of being caught vs a built in backdoor; it also requires being able to compel not only signing but construction of the hacked binary which at least in the US has been determined to be illegal. Beyond that it doesn’t scale to needed volumes.
1 reply 0 retweets 1 like -
A similar attack worked when the feds used it for hushmail, no? Not sure I agree it's illegal, because it's really happened in the past.
2 replies 0 retweets 1 like -
1 reply 0 retweets 1 like
Right, but didn't they just give up without the matter being settled when they bought a 0day?
IANAL but I read there is substantial case law supporting the Apple argument and a loss was very likely which would have taken this off the table in an even more concrete way should they have proceeded.
0 replies 0 retweets 1 like