Re: Hackers spent at least a year spying on Mozilla to discover Firefox security holes – and exploit them

Alfonso De Gregorio alfonso.degregorio at gmail.com
Sun Sep 6 10:44:58 PDT 2015


On Sun, Sep 6, 2015 at 3:51 PM, Georgi Guninski <guninski at guninski.com> wrote:
> On Sat, Sep 05, 2015 at 03:48:48PM +0000, Alfonso De Gregorio wrote:
>>
>> .... I ask vulnerability sellers: How
>> effective is your favorite exploit acquisition platform / program at
>> preventing this from happening again?
>>
>
> You mean something like the dear nsa:
> http://www.theregister.co.uk/2015/09/04/nsa_explains_handling_zerodays/
>
> Mind-blowing secrets of NSA's security exploit stockpile revealed at
> last
> Incredible document has to be seen to be believed

It made me reconsider the true meaning of [XXXXXXXXXXX] to read about
[XXXXXXXXXXX] and, especially, [XXXXXXXXXXX].

More seriously: After years of fierce debate, vulnerability disclosure
is still looking for a convincing answer. The NSA may contribute its
substantial share to discussion --- albeit less to the practice --- of
vulnerability disclosure. Needless to say, it would have been more
helpful to read a less heavily redacted 'Vulnerabilities Equities
Policy and Process' to this end.

On September 29, NTIA will convene a meeting on this topic. For those
considering attending:
http://www.ntia.doc.gov/september-29-multistakeholder-meeting-vulnerability-disclosure-pre-registration

Will we never stop drinking from the (endless?) stream of
exploitable vulnerabilities?

-- Alfonso


