Re: [liberationtech] Foxacid payload
Some, maybe all, of those sitting on Snowden docs would/are selling to the highest bidder for other clandestine hacks. The fundamental purpose of security is to do that lulling, gulling and smiling at the ease with which trust can be exploited when a manufactured crisis drives the fearful into gaping maws of protection. The especially private kind, the higher the secrecy the higher the price, is most effective. Fake highest classification markings obligatory. The frenzy to exploit Snowden revelations, tiny as they are, has saved the security industry -- mil-com-spy-edu-org-hackers -- from post-2-war decline. BTW, what are the odds all parties to the Snowden boondoggle are placing on hot war cyberwar to surpass the cool stinking-poo of AV and security vendors planting malware to foster upticks of market?

No nonsense Omidyar has bet $200 million on peddling security products generated by his $50 million investment in insecurity scare news via Snowden cornucopia of NSA scare programs, which in turn have received huge boosts of counter-Snowden actions by the usual suspects of mil-com-spy-edu-org-hackers.

Nothing like it since 9/11. Thank you, Edward Snowden, thank you media, for prolonging godsent cyber fear and salvation. Dust off cyber Pearl Harbor posters for Defcon, HOPE, Blackhat, this very sordid squat.
this is exactly why some who have received these payloads are sitting on them, rather than disclosing.
it is more useful to mitigate privately, and observe how/when an exploit is used, than burn it publicly for zero effective security improvement.
(the less scrupulous would sell to highest bidder for other clandestine hacks)
better ideas welcome!
best regards,
On Fri, Jul 18, 2014 at 4:46 AM, John Young <jya@pipeline.com> wrote:
... No nonsense Omidyar has bet $200 million on peddling security products generated by his $50 million investment in insecurity scare news via Snowden cornucopia of NSA scare programs, which in turn have received huge boosts of counter-Snowden actions by the usual suspects of mil-com-spy-edu-org-hackers.
modern security analysis requires ever increasing skills and knowledge, driving the pool of practitioners ever smaller. combined with demand from government and private industry for private research, paying researchers to work in the light rather than [REDACTED] a hard sell. this is one aspect of Project Zero i am keen to monitor, as the initial recruiting is top talent and top dollar. research to harden software against advanced threats and analyze advanced attacks encountered almost always locked behind non-disclosure, confidentiality, classification constraints. independent security research and state-of-the-art security research at odds, increasingly so, day by day.
Nothing like it since 9/11. Thank you, Edward Snowden, thank you media, for prolonging godsent cyber fear and salvation. Dust off cyber Pearl Harbor posters for Defcon, HOPE, Blackhat, this very sordid squat.
an industry in sorry shape[0] and much volatility, for sure. Google's "Announcing Project Zero" post itself only accessible via plain-text, attempts to https redirected back to plainly observable and trivially tamper-able. that mathematicians are having an introspective moment to consider their role in mass privacy violations, and in turn advocating for employment outside such private industries is a telling contrast to the relative silence in infosec where developing weaponized exploits, not just precursors or components, has yet to generate an honest and open discussion. "Mathematicians Urge Colleagues To Refuse To Work For The NSA" http://www.forbes.com/sites/kashmirhill/2014/06/05/mathematicians-urge-colle...
participants (2): coderman, John Young