On Thu, Jul 17, 2014 at 12:32:26PM -0700, coderman wrote:
On Thu, Jul 17, 2014 at 12:19 PM, Andy Isaacson <adi@hexapodia.org> wrote:
... And once you've patched this bug, FOXACID will update to issue another 0day.
It's worth doing, for sure! Patching bugs makes us all incrementally safer.
But don't pretend that patching the specific attack your adversary is currently using will disable or even seriously inconvenience the adversary.
this is exactly why some who have received these payloads are sitting on them, rather than disclosing.
it is more useful to mitigate privately, and observe how/when an exploit is used, than burn it publicly for zero effective security improvement.
(the less scrupulous would sell to highest bidder for other clandestine hacks)
better ideas welcome!
best regards,
/me agrees with this. how would the dear NSA respond to a target who ``borrowed'' the sploits, trolls them and advertises vulnerable to the borrowed sploits configuration, yet the borrowed sploits don't work? (the advertised configuration is not at all vulnerable to the borrowed sploits).