Slashdot Mirror


Hacking Team Breach Leaks Zero-Days, Renews Fight To Regulate Cyberweapons

Patrick O'Neill writes: In the days following a massive hack that confirmed Hacking Team's dealings with repressive regimes around the world, experts are wondering once again how to stop Western technology companies from equipping certain governments with weapons meant to attack journalists, human rights activists, and ordinary civilians. Regulation's backers say that "this is an industry that has failed to police itself," ACLU's Christopher Soghoian argued, but many including the EFF warn that overly broad legislation would harm more than help. In addition, wiredmikey points out that a number of exploits have been released in the wake of the hacking: Several exploits have been discovered, including ones for zero-day vulnerabilities, in the hundreds of gigabytes of data stolen by a hacker from the systems of surveillance software maker Hacking Team. Researchers at Trend Micro analyzed the leaked data and uncovered several exploits, including two zero-days for Adobe Flash Player. A readme document found alongside proof-of-concept (PoC) code for one of the Flash Player zero-days describes the vulnerability as "the most beautiful Flash bug for the last four years since CVE-2010-2161." In addition to the Flash Player exploits, researchers spotted an exploit for a Windows kernel vulnerability, a flaw that fortunately has already been patched. Adobe told SecurityWeek that it's aware of the reports and expects to release a patch on Wednesday.

6 of 123 comments

  1. Re:Statism vs. Libertarianism again by mlw4428 · · Score: 4, Insightful

    Wait, why? Why does that have to be so black and white? There's a world of difference between an Adobe Flash exploit and the availability of a gun that can mow down a large number of people in a matter of seconds.

  2. Re:Statism vs. Libertarianism again by PraiseBob · · Score: 3, Insightful

    Why should an ideological stance on the regulation of guns and computers be the same? They clearly are different tools with much different uses.

    Am I allowed to oppose dumping raw mercury into rivers & streams, if I support freedom to travel by airplane? After all, both are forms of pollution in the same sense that computers and guns can both be used as weapons.

  3. Re:Statism vs. Libertarianism again by thedavidcathey · · Score: 2, Insightful

    This is nuts. The industry has been working hard on this (and the large quantity of security, firewall, anti-virus speaks to that), but it's a difficult problem. Do you really think the bad actors (individuals, groups, and governments) are going to be dissuaded by some regulation?

  4. Yet again Adobe by Virtucon · · Score: 5, Insightful

    Is it just me or does Adobe's software have the worst engineering practices in the industry? Every other fucking week there's an Adobe vulnerability. Scratch your ass, Adobe Vulnerability. Sneeze? Adobe Vulnerability. Walk your dog? Adobe Vulnerability.

    This company needs to just be banned from producing any software, period, unless they provide the source code as well.

     

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
  5. Re:Statism vs. Libertarianism again by Nutria · · Score: 4, Insightful

    You do your cause no good when you edit out crucial words.

    The actual quote: "A foolish consistency is the hobgoblin of little minds".

    --
    "I don't know, therefore Aliens" Wafflebox1
  6. Re:Wasn't there a rule about selling exploits? by horm · · Score: 2, Insightful

    Considering they're based out of Milan, I doubt they were that concerned about US regulations.