Re: Hackers spent at least a year spying on Mozilla to discover Firefox security holes – and exploit them

Alfonso De Gregorio alfonso.degregorio at
Sun Sep 6 10:44:58 PDT 2015

On Sun, Sep 6, 2015 at 3:51 PM, Georgi Guninski <guninski at> wrote:
> On Sat, Sep 05, 2015 at 03:48:48PM +0000, Alfonso De Gregorio wrote:
>> .... I ask vulnerability sellers: How
>> effective your favorite exploit acquisition platform / program is at
>> preventing this from happening again?
> You mean something like the the dear nsa:
> Mind-blowing secrets of NSA's security exploit stockpile revealed at
> last
> Incredible document has to be seen to be believed

It made me reconsider the true meaning of [XXXXXXXXXXX] to read about
[XXXXXXXXXXX] and, especially, [XXXXXXXXXXX].

More seriously: After years of fierce debate, vulnerability disclosure
is still looking for a convincing answer. The NSA may contribute its
substantial share to discussion --- albeit less to the practice --- of
vulnerability disclosure. Needless to say, it would have been more
helpful to read a less heavily redacted 'Vulnerabilities Equities
Policy and Process' to this end.

On September 29, NTIA will convene a meeting on this topic. For those
considering to attend it

Will we never stop from drinking from the (endless?) stream of
exploitable vulnerabilities?

-- Alfonso

More information about the cypherpunks mailing list