Slashdot Mirror


Hacking Team Breach Leaks Zero-Days, Renews Fight To Regulate Cyberweapons

Patrick O'Neill writes: In the days following a massive hack that confirmed Hacking Team's dealings with repressive regimes around the world, experts are wondering once again how to stop Western technology companies from equipping certain governments with weapons meant to attack journalists, human rights activists, and ordinary civilians. Regulation's backers say that "this is an industry that has failed to police itself," ACLU's Christopher Soghoian argued, but many including the EFF warn that overly broad legislation would harm more than help. In addition, wiredmikey points out that a number of exploits have been released in the wake of the hacking: Several exploits have been discovered, including ones for zero-day vulnerabilities, in the hundreds of gigabytes of data stolen by a hacker from the systems of surveillance software maker Hacking Team. Researchers at Trend Micro analyzed the leaked data and uncovered several exploits, including two zero-days for Adobe Flash Player. A readme document found alongside proof-of-concept (PoC) code for one of the Flash Player zero-days describes the vulnerability as "the most beautiful Flash bug for the last four years since CVE-2010-2161." In addition to the Flash Player exploits, researchers spotted an exploit for a Windows kernel vulnerability, a flaw that fortunately has already been patched. Adobe told SecurityWeek that it's aware of the reports and expects to release a patch on Wednesday.

2 of 123 comments (clear)

  1. Statism vs. Libertarianism again by mi · · Score: -1, Troll

    Regulation's backers say that "this is an industry that has failed to police itself," ACLU's Christopher Soghoian argued, but many including the EFF warn that overly broad legislation would harm more than help.

    The usual Statism vs. Libertarianism argument. Whichever side you are on, dear reader, you must be consistent: you can not oppose "regulation" of security researchers while, at the same time, supporting "common sense limits" on gun-ownership, for example.

    --
    In Soviet Washington the swamp drains you.
    1. Re:Statism vs. Libertarianism again by Archangel+Michael · · Score: -1, Troll

      Because one happens all the time, and the other is fairly rare. Lets do everything we can to prevent the latter, and nothing to stop the former is just as silly of an option.

      OR to put it into terms that even simple binary viewed liberals can understand, there are a lot more people who have had their lives ruined by cyber attacks/fraud/abuse than guns.

      We're not talking about JUST "adobe flash exploit" (nice mocking tone there btw), we're talking about exploits that are used to gain access to all sorts of information that cause BILLIONS of dollars in damages every year, affecting Millions of people. So, while Murder (already against the law) is bad, so too is the impact on data breaches.

      And frankly, putting everything in the hands of government is much scarier proposition than the small chance I get killed by a gun. BTW, I have had a murder tragedy in my life, three of my best friends growing up were killed, not with a gun. If guns kill people, then spoons make people fat.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.