Should Firefox have implemented an insecure sandboxed browser?
Ryan Carboni
ryacko at gmail.com
Fri Aug 25 00:22:00 PDT 2017
Should Firefox have implemented an insecure sandboxed browser vs waiting to
perfect a browser and then releasing it?
It's hard to say. If the decision immediately broke exploits and increased
the difficulty by even a single digit percentage, maybe, but Zerodium took
time to make decisions on this, so it won't be for months if any decision
would be the right one.
Regardless:
https://www.schneier.com/academic/paperfiles/paper-keylength.pdf
Type of Attacker, (Budget), Length Needed for Protection in 1995
Small Business, ($10,000), 55
Corporate Department, ($300K), 60
Big Company ($10M), 70
Intelligence Agency, ($300M), 75
it is safe to say that all consumer products provide only 60 bits of
security in 1995 dollars, with the exception of mobile devices.
Few know this, but during the Fappening, Hollywood fixers attempted to
exhaust the bandwidth of those sharing the photos. Some of those fixers
previously hired Pellicano, who engaged in wiretapping to aide one side
gain an edge during a dispute.
There is plenty of money for cybersecurity. No one went looking.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1372 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20170825/e066c08a/attachment.txt>
More information about the cypherpunks
mailing list