+ Reply to Thread
Page 5 of 14 FirstFirst ... 3 4 5 6 7 ... LastLast
Results 81 to 100 of 268

Thread: Wikileaks / Vault 7     submit to reddit submit to twitter

  1. #81
    IMPERIAL CONCUBINE OF ME
    Coolest Monkey In The Jungle

    Join Date
    Sep 2007
    Posts
    21,547
    BG Level
    10

    He is Russian

  2. #82
    Atheist Douchebag.
    Pony Slayer of the House of Weave

    Join Date
    Oct 2006
    Posts
    21,387
    BG Level
    10
    FFXIV Character
    Zetanio Breaux
    FFXIV Server
    Gilgamesh
    FFXI Server
    Odin

    Paid shill?

  3. #83
    IMPERIAL CONCUBINE OF ME
    Coolest Monkey In The Jungle

    Join Date
    Sep 2007
    Posts
    21,547
    BG Level
    10

    Actually an American the CIA has made to look Russian

  4. #84

    Quote Originally Posted by Zetanio View Post
    Those tools have already been in the hands of god knows who.
    The report references a lot of zero day tools/vulnerabilities...so no, not all of them have been in the hands of god knows who else. If they were that prevalent then they would no longer be zero days.

    Honestly though, this entire dump just shows that the S in IoT totally stands for Security.

  5. #85
    IMPERIAL CONCUBINE OF ME
    Coolest Monkey In The Jungle

    Join Date
    Sep 2007
    Posts
    21,547
    BG Level
    10

    Assange giving long ass news conference on Vault 7 right now. They have decided to work with the individual companies on the zero days and the other exploits so they can fix them.

  6. #86
    Caesar Salad
    Join Date
    Nov 2009
    Posts
    28,300
    BG Level
    10

    Fix all the zero days except the ones the Russians are using...LOVELY

  7. #87
    Atheist Douchebag.
    Pony Slayer of the House of Weave

    Join Date
    Oct 2006
    Posts
    21,387
    BG Level
    10
    FFXIV Character
    Zetanio Breaux
    FFXIV Server
    Gilgamesh
    FFXI Server
    Odin

    I wonder if they are making the companies pay for the access.

  8. #88
    BG Content
    Join Date
    Jul 2007
    Posts
    21,105
    BG Level
    10
    FFXI Server
    Lakshmi
    Blog Entries
    1

    Honestly, shouldn't the companies just be legally (and thus financially) responsible for putting out insecure products?

    We need a secret court so that when our government finds zero days, it can sue the companies for negligence while also keeping the zero day secret.

  9. #89
    Atheist Douchebag.
    Pony Slayer of the House of Weave

    Join Date
    Oct 2006
    Posts
    21,387
    BG Level
    10
    FFXIV Character
    Zetanio Breaux
    FFXIV Server
    Gilgamesh
    FFXI Server
    Odin

    Quote Originally Posted by Byrthnoth View Post
    Honestly, shouldn't the companies just be legally (and thus financially) responsible for putting out insecure products?

    We need a secret court so that when our government finds zero days, it can sue the companies for negligence while also keeping the zero day secret.
    Yes and no. It's very situational.

  10. #90
    Atheist Douchebag.
    Pony Slayer of the House of Weave

    Join Date
    Oct 2006
    Posts
    21,387
    BG Level
    10
    FFXIV Character
    Zetanio Breaux
    FFXIV Server
    Gilgamesh
    FFXI Server
    Odin

    You basically sign away a VAST majority of any possible litigation in the EULA/TOS.

  11. #91
    BG Content
    Join Date
    Jul 2007
    Posts
    21,105
    BG Level
    10
    FFXI Server
    Lakshmi
    Blog Entries
    1

    EULAs/TOSs get rid of personal claims, but the government could still make laws that basically make tech companies vulnerable to suits from the government if they effectively do harm to our national security by putting out ridiculously insecure products that can't be updated (see all Gen1/2 "Smart" items).

  12. #92
    Atheist Douchebag.
    Pony Slayer of the House of Weave

    Join Date
    Oct 2006
    Posts
    21,387
    BG Level
    10
    FFXIV Character
    Zetanio Breaux
    FFXIV Server
    Gilgamesh
    FFXI Server
    Odin

    Quote Originally Posted by Byrthnoth View Post
    EULAs/TOSs get rid of personal claims, but the government could still make laws that basically make tech companies vulnerable to suits from the government if they effectively do harm to our national security by putting out ridiculously insecure products that can't be updated (see all Gen1/2 "Smart" items).
    You said goverment and regulations up there.

    Yeah that's not happening.

  13. #93
    We built this city
    We built this city on cock and stooooooone

    Join Date
    Aug 2006
    Posts
    4,661
    BG Level
    7
    FFXI Server
    Alexander

    Idk if this is going into tinfoil hat territory, but the government is probably not as interested in preventing these exploits from popping up as we would all like.

    https://twitter.com/Snowden/status/839171129331830784

  14. #94
    Atheist Douchebag.
    Pony Slayer of the House of Weave

    Join Date
    Oct 2006
    Posts
    21,387
    BG Level
    10
    FFXIV Character
    Zetanio Breaux
    FFXIV Server
    Gilgamesh
    FFXI Server
    Odin

    That's not tinfoil. They exploit all possible avenues. Also, if they know one's there, they can keep an eye on it to see who else is using it. Probably not though. I'm giving everyone way too much credit.

  15. #95
    IMPERIAL CONCUBINE OF ME
    Coolest Monkey In The Jungle

    Join Date
    Sep 2007
    Posts
    21,547
    BG Level
    10

    The Vault 7 press release linked to this article. (Looks like it has proper non anon sources) with a ton of info on that subject: https://jia.sipa.columbia.edu/online...uities_process

  16. #96
    We built this city
    We built this city on cock and stooooooone

    Join Date
    Aug 2006
    Posts
    4,661
    BG Level
    7
    FFXI Server
    Alexander

    Yeah, I think reckless is the right way to describe that behavior, assuming they're smarter than any other group/agency doing this.

  17. #97
    C A P S UNLEASH THE FURY
    Join Date
    Jul 2006
    Posts
    6,939
    BG Level
    8

    Quote Originally Posted by Byrthnoth View Post
    EULAs/TOSs get rid of personal claims, but the government could still make laws that basically make tech companies vulnerable to suits from the government if they effectively do harm to our national security by putting out ridiculously insecure products that can't be updated (see all Gen1/2 "Smart" items).
    Sure, if they wanted to kill the industry and fuck over the consumers.

    Pro tip: most consumers do not and should not care that their Smart TV can be hacked if a CIA Agent physically came to their home and tampered with it. At that point, what does it even matter?

    Half or more of these things, if you look into it, still need physical access. And while you can argue about the moral absolution issues inherent in "if you have nothing to hide," that is functionally how many people operate.

    I have no interest in paying a premium to secure my Echo or whatever. If some people do, they could theoretically spend the R&D costs to develop that model, for ex., but they won't, because it won't really sell.

    Also, there is pretty much never going to be an invulnerable device in the public space.

  18. #98
    BG Content
    Join Date
    Jul 2007
    Posts
    21,105
    BG Level
    10
    FFXI Server
    Lakshmi
    Blog Entries
    1

    Terms like negligence already imply discretion. Every exploit wouldn't necessarily have to be prosecuted. However, right now tech companies are fundamentally not responsible for the security of the products they sell and that is a problem in our increasingly networked world.

    In a few years, if Al Quaeda discovers a hole in a car autodriver system and uses it + google maps to crash all affected cars into US utility stations, I'd at least like to see the car's manufacturer get demolished in court for it. If the CIA knew about the hole but wasn't telling anyone because it gave them an A/V feed of a few bad guys in their cars, I'd hope pretty much everyone involved in their tech program was fired.

    If the CIA discovers said hole in advance and wants to make sure it's patched, they need some legal way to do that (like the one I proposed).

  19. #99
    C A P S UNLEASH THE FURY
    Join Date
    Jul 2006
    Posts
    6,939
    BG Level
    8

    Quote Originally Posted by Byrthnoth View Post
    Terms like negligence already imply discretion. Every exploit wouldn't necessarily have to be prosecuted. However, right now tech companies are fundamentally not responsible for the security of the products they sell and that is a problem in our increasingly networked world.
    Should we mandate that homes only be sold if they have ADT?
    Should we mandate that bikes only be sold if they come with bike locks?

    Security is a personal responsibility. I categorically reject the notion that our government should play any role in mandating the industry in this fashion. The cost implications are astronomical. If you've spent so much as an hour looking into the types of measures that are necessary to ensure even nominal security, then you will know how disastrous this would be for digital products of almost any kind.

  20. #100
    BG Content
    Join Date
    Jul 2007
    Posts
    21,105
    BG Level
    10
    FFXI Server
    Lakshmi
    Blog Entries
    1

    It's not like I'm saying a computer should come totally immune to viruses. That's just not reasonable. However, it also shouldn't come with a firmware/OS that can't be or isn't updated and has known vulnerabilities. Think of all the networked tech already in our lives. We've got computers, phones, routers, modems, smart TVs/lightbulbs/fridges/ovens, self-driving cars, personal assistant-bots like Alexa, etc. It's only going to get more prevalent, and we're outsourcing the continued security and maintenance of these networked devices to tech-incompetent endusers.

    For instance, a lot of Android phones are locked (without rooting the phone) to the OEM's update schedule (never). Hardware incompatibilities sometimes make it difficult for OEMs to upgrade full OS versions, but I'm sure some upgrades and patches are possible. At the very least, phone users should be made aware when their phone has known vulnerabilities without having to stay current on tech news.

    I'm not asking for a lot, just more than literally nothing.

+ Reply to Thread
Page 5 of 14 FirstFirst ... 3 4 5 6 7 ... LastLast