[liberationtech] Foxacid payload

Georgi Guninski guninski at guninski.com
Mon Jul 21 08:21:48 PDT 2014


On Thu, Jul 17, 2014 at 12:32:26PM -0700, coderman wrote:
> On Thu, Jul 17, 2014 at 12:19 PM, Andy Isaacson <adi at hexapodia.org> wrote:
> > ...
> > And once you've patched this bug, FOXACID will update to issue another
> > 0day.
> >
> > It's worth doing, for sure!  Patching bugs makes us all incrementally
> > safer.
> >
> > But don't pretend that patching the specific attack your adversary is
> > currently using will disable or even seriously inconvenience the
> > adversary.
> 
> 
> this is exactly why some who have received these payloads are sitting
> on them, rather than disclosing.
> 
> it is more useful to mitigate privately, and observe how/when an
> exploit is used,
>  than burn it publicly for zero effective security improvement.
> 
> (the less scrupulous would sell to highest bidder for other clandestine hacks)
> 
> 
> better ideas welcome!
> 
> 
> best regards,


/me agrees with this.

how would the dear NSA respond to
a target who ``borrowed'' the sploits,
trolls them and advertises vulnerable
to the borrowed sploits configuration,
yet the borrowed sploits don't work?
(the advertised configuration is not
at all vulnerable to the borrowed
sploits).







More information about the cypherpunks mailing list