[liberationtech] Foxacid payload
coderman
coderman at gmail.com
Thu Jul 17 12:32:26 PDT 2014
On Thu, Jul 17, 2014 at 12:19 PM, Andy Isaacson <adi at hexapodia.org> wrote:
> ...
> And once you've patched this bug, FOXACID will update to issue another
> 0day.
>
> It's worth doing, for sure! Patching bugs makes us all incrementally
> safer.
>
> But don't pretend that patching the specific attack your adversary is
> currently using will disable or even seriously inconvenience the
> adversary.
this is exactly why some who have received these payloads are sitting
on them, rather than disclosing.
it is more useful to mitigate privately, and observe how/when an
exploit is used,
than burn it publicly for zero effective security improvement.
(the less scrupulous would sell to highest bidder for other clandestine hacks)
better ideas welcome!
best regards,
--
Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.
More information about the cypherpunks
mailing list