Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacking Team Breach Leaks Zero-Days, Renews Fight To Regulate Cyberweapons

Posted by samzenpus on from the here-comes-the-fallout dept.

Patrick O'Neill writes: In the days following a massive hack that confirmed Hacking Team's dealings with repressive regimes around the world, experts are wondering once again how to stop Western technology companies from equipping certain governments with weapons meant to attack journalists, human rights activists, and ordinary civilians. Regulation's backers say that "this is an industry that has failed to police itself," ACLU's Christopher Soghoian argued, but many including the EFF warn that overly broad legislation would harm more than help. In addition, wiredmikey points out that a number of exploits have been released in the wake of the hacking: Several exploits have been discovered, including ones for zero-day vulnerabilities, in the hundreds of gigabytes of data stolen by a hacker from the systems of surveillance software maker Hacking Team. Researchers at Trend Micro analyzed the leaked data and uncovered several exploits, including two zero-days for Adobe Flash Player. A readme document found alongside proof-of-concept (PoC) code for one of the Flash Player zero-days describes the vulnerability as "the most beautiful Flash bug for the last four years since CVE-2010-2161." In addition to the Flash Player exploits, researchers spotted an exploit for a Windows kernel vulnerability, a flaw that fortunately has already been patched. Adobe told SecurityWeek that it's aware of the reports and expects to release a patch on Wednesday.

123 comments

  1. Statism vs. Libertarianism again by mi · · Score: -1, Troll

    Regulation's backers say that "this is an industry that has failed to police itself," ACLU's Christopher Soghoian argued, but many including the EFF warn that overly broad legislation would harm more than help.

    The usual Statism vs. Libertarianism argument. Whichever side you are on, dear reader, you must be consistent: you can not oppose "regulation" of security researchers while, at the same time, supporting "common sense limits" on gun-ownership, for example.

    --
    In Soviet Washington the swamp drains you.
    1. Re:Statism vs. Libertarianism again by mlw4428 · · Score: 4, Insightful

      Wait, why? Why does that have to be so black and white? There's a world of difference between an adobe flash exploit and the availability of a gun that can mow down a large number of people in a matter of seconds.

    2. Re:Statism vs. Libertarianism again by PraiseBob · · Score: 3, Insightful

      Why should an ideological stance on the regulation of guns and computers be the same? They clearly are different tools with much different uses.

      Am I allowed to oppose dumping raw mercury into rivers & streams, if I support freedom to travel by airplane? After all, both are forms of pollution in the same sense that computers and guns can both be used as weapons.

    3. Re:Statism vs. Libertarianism again by mi · · Score: -1, Offtopic

      There's a world of difference between an adobe flash exploit and the availability of a gun that can mow down a large number of people in a matter of seconds.

      There is not. Shutting down NYSE, for example, cost billions of dollars. At $10 mln per life, that's hundreds of lives right there...

      --
      In Soviet Washington the swamp drains you.
    4. Re:Statism vs. Libertarianism again by thedavidcathey · · Score: 2, Insightful

      This is nuts. The industry has been working hard on this (and the large quantity of security, firewall, anti-virus speaks to that), but it's a difficult problem. Do you really think the bad actors (individuals, groups, and governments) are going to dissuaded by some regulation?

    5. Re:Statism vs. Libertarianism again by mi · · Score: 2, Informative

      Am I allowed to oppose dumping raw mercury into rivers & streams, if I support freedom to travel by airplane?

      You are allowed to dislike anything you want. What you do about it, however, needs to be consistent. If you want government to fight pollution, for example, you should support governmental efforts to fight all of it. If, instead, you prefer the problem be solved by boycotts and lawsuits by the people actually suffering from the ill-effects, then that too view should, also apply to all kinds of pollution.

      That said, could you not have come up with a less contrived example? Raw mercury is too valuable for anybody to just dump it into a river...

      --
      In Soviet Washington the swamp drains you.
    6. Re:Statism vs. Libertarianism again by mlw4428 · · Score: 1

      Are you making a serious argument in comparing people getting shot and the NYSE shutdown? This is the hill that you're going to make your stand on?

    7. Re:Statism vs. Libertarianism again by netsavior · · Score: 4, Interesting

      Why should an ideological stance on the regulation of guns and computers be the same? They clearly are different tools with much different uses.

      I think you are wrong about that. The ideological stance on gun ownership in the bill of rights had a lot to do with empowering people to overthrow their corrupt government. Guns no longer have that power for the most part. Computers do. When was the last time a Deer Rifle toppled a world power? When was the last time twitter did? The answer is 2011 Or maybe even 2014

      Computers aren't the same thing as guns, in fact they are a lot more powerful.

    8. Re:Statism vs. Libertarianism again by Archangel+Michael · · Score: -1, Troll

      Because one happens all the time, and the other is fairly rare. Lets do everything we can to prevent the latter, and nothing to stop the former is just as silly of an option.

      OR to put it into terms that even simple binary viewed liberals can understand, there are a lot more people who have had their lives ruined by cyber attacks/fraud/abuse than guns.

      We're not talking about JUST "adobe flash exploit" (nice mocking tone there btw), we're talking about exploits that are used to gain access to all sorts of information that cause BILLIONS of dollars in damages every year, affecting Millions of people. So, while Murder (already against the law) is bad, so too is the impact on data breaches.

      And frankly, putting everything in the hands of government is much scarier proposition than the small chance I get killed by a gun. BTW, I have had a murder tragedy in my life, three of my best friends growing up were killed, not with a gun. If guns kill people, then spoons make people fat.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    9. Re:Statism vs. Libertarianism again by Archangel+Michael · · Score: 0, Flamebait

      And by "fairly rare" I mean in most places, except liberal run towns like Chicago. If you take out the liberal run towns with the highest gun violence, you'll find that gun deaths are indeed fairly rare. You are more likely to be killed driving home tonight.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    10. Re:Statism vs. Libertarianism again by Anonymous Coward · · Score: 0

      Fuck you. YOUR life ain't worth a penny.

    11. Re: Statism vs. Libertarianism again by Anonymous Coward · · Score: 0

      Keep telling yourself that when a bunch of thugs break down your door and pepper you with bullets, and shit on your face as you breathe your last. Brawns beats brains every time.

    12. Re:Statism vs. Libertarianism again by 6ULDV8 · · Score: 5, Funny

      > You are more likely to be killed driving home tonight.

      That's why I tell my employer I have to get home before sunset.

      --
      Pull my finger for my public key.
    13. Re:Statism vs. Libertarianism again by Anonymous Coward · · Score: 0

      NYSE ... cost billions of dollars. At $10 mln per life, that's hundreds of lives right there.
      You could at least read your own citation, which describes "the marginal cost of death prevention in a certain class of circumstances". That's not the same thing as a glitch at the NYSE.

    14. Re:Statism vs. Libertarianism again by Anonymous Coward · · Score: 0

      Regulation's backers say that "this is an industry that has failed to police itself," ACLU's Christopher Soghoian argued, but many including the EFF warn that overly broad legislation would harm more than help.

      The usual Statism vs. Libertarianism argument. Whichever side you are on, dear reader, you must be consistent: you can not oppose "regulation" of security researchers while, at the same time, supporting "common sense limits" on gun-ownership, for example.

      False dichotomy. Go away and work for the media where they will pay you for such logical stupidity.

    15. Re:Statism vs. Libertarianism again by benjfowler · · Score: 1

      Consistency is the hobgoblin of a small mind.

    16. Re:Statism vs. Libertarianism again by Anonymous Coward · · Score: 0

      And frankly, putting everything in the hands of government is much scarier

      Yeah, right, so we form corporations like Hacking Team to do the "dirty work" so you and mi can sit around in your circle jerk and tell us all how awesome the free market is and how pesky things like the Constitution need not apply to them when the company openly admits that their sole customer is the government.

      Government regulation on this is complete bullshit, it is clear that neither the Republicans nor the Democrats will ever cut down on this abuse of power. But cheerleading for the "other team" is also bullshit, I fully expect the first thing to come out of the government will be a law to hold Hacking Team completely harmless for the damage they have caused (see also warrantless wiretapping).

    17. Re:Statism vs. Libertarianism again by Anonymous Coward · · Score: 0

      Nuance, brother! Look into it, it's a fantastic thing.

    18. Re:Statism vs. Libertarianism again by mlw4428 · · Score: 3, Informative

      > If you take out the liberal run towns with the highest gun violence, you'll find that gun deaths are indeed fairly rare.

      Ah, there it is, that's the real reason for your argument. See I was missing how you were equating identity theft (which while a headache is less of a headache than death) with getting shot, but then I realized that this was your opportunity to take a jab at liberals.

      You're twisting information to suite your narrative. You've also neglected to mention that (based on whatever uncited source you're claiming to get your information about gun crimes from) that Republican led states have much higher levels of crime than Democrat states. This information was based off of the analysis of the 2008 Uniform Crime Reports. You can find that analysis here: http://editions.lib.umn.edu/sm...

      Of course there's also more recent studies (seen here: https://www.americanprogress.o...) that show a link between lax gun laws and higher gun crime rates. More directly it shows that states with the highest gun crimes (which are typically conservative states) have the highest crime rates. In fact Alaska, Louisiana, Montana, and Alabama rank higher (per capita) in firearm deaths than Democratic states. For comparison while all of the above states were at least 4 points above the national average of 10.26 deaths/100,000 people Illinois was ~2 points LOWER than the national average.

      I suppose it's easier to just throw out random uncited sources and half-baked facts without researching the overall data. Especially when your entire goal is to slander a political view that you apparently disagree with. But the short of the long is that none of the above discussion is a valid answer on why everything should be black and white. I personally think you're just trolling -- even if it's not a conscious decision to troll.

    19. Re:Statism vs. Libertarianism again by Nutria · · Score: 4, Insightful

      You do your cause no good when you edit out crucial words.

      The actual quote: "A foolish consistency is the hobgoblin of little minds".

      --
      "I don't know, therefore Aliens" Wafflebox1
    20. Re:Statism vs. Libertarianism again by Anonymous Coward · · Score: 0

      You're twisting information to suite your narrative. You've also neglected to mention that (based on whatever uncited source you're claiming to get your information about gun crimes from) that Republican led states have much higher levels of crime than Democrat states.

      That's how he operates. Check out his post history, he has never, once, held a discussion here in good faith as soon as he sees an opportunity to twist it into Us vs. Them. Ironic considering his namesake.

    21. Re:Statism vs. Libertarianism again by DarkOx · · Score: 2

      I think he is right to do. Human life clearly has a dollar value. I would argue not an especially high one either. Consider there are 8 Billion of us. You can't get much more commodity than that. The world as a whole would arguable be better off with fewer people too.

      Value has a great deal to do with what has been invested in them in terms of education, care, feeding etc. Than you need to consider things like survival rates. Certainly a healthy teenager is more valuable than a newborn. Much of the risk premature death has been removed, as has the possibility for many debilitating conditions being unknown. We can make a lot assumptions about future productivity as well based on physic, intelligence, etc.

      While we can never say Bob over there is worth a half a million but we can certainly say in the abstract sense the average 22 year old native born American is worth $X. To that end we can measure the cost of the NYSE being down in lives.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    22. Re: Statism vs. Libertarianism again by netsavior · · Score: 1

      Anyone can kill a person. It takes everyone to kill a government.

    23. Re:Statism vs. Libertarianism again by dj245 · · Score: 3, Interesting

      There's a world of difference between an adobe flash exploit and the availability of a gun that can mow down a large number of people in a matter of seconds.

      There is not. Shutting down NYSE [slashdot.org], for example, cost billions of dollars. At $10 mln per life [wikipedia.org], that's hundreds of lives right there...

      Are you making a serious argument in comparing people getting shot and the NYSE shutdown? This is the hill that you're going to make your stand on?

      It's a very poor example but a valid point. A much better example would be fraud [identity theft], ransomware, spam, etc. With computers you can easily steal time from people on an unimaginable scale.

      Suppose someone hacks me, and I get off relatively "easy". I may spend 1 hour of my time canceling a credit card, activating the new card when it comes, and changing all the passwords of all the accounts that the credit card number is associated with. That's probably on the very low end of what a hack can cost an individual.

      The hacker doesn't stop there. They repeat their act 1,000,000 times. That's a fairly successful and prolific hacker, but not unheard of, espeicially if the attack vector is a business. At just an hour apiece per victim, 1 million victims is 114 total man-years spent cleaning up. Nobody died, but an entire lifetime has been stolen.

      The Target hack(s) affected "up to 110 million people". If we take that figure at face value, and each victim spent only an hour dealing with it, that's 12,557 years or roughly 148 lifetimes. Even if I count injured people, I can't find a mass shooting that comes anywhere near 148 lifetimes.

      --
      Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
    24. Re:Statism vs. Libertarianism again by Jiro · · Score: 2

      "High crime in Republican states" can mean high crime in Democratic-run areas within Republican states.

    25. Re:Statism vs. Libertarianism again by Archangel+Michael · · Score: 2, Informative

      For the people that think my post is a troll:

      http://dailycaller.com/2012/04...

      http://townhall.com/tipsheet/k...

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    26. Re:Statism vs. Libertarianism again by Electricity+Likes+Me · · Score: 1

      "High crime in Republican states" can mean high crime in Democratic-run areas within Republican states.

      Yeah it could. Of course he doesn't know that, because he didn't do even a cursory review of the data before he formed his opinions. Of course I don't either, but that's also because who runs a district is pretty irrelevant to a discussion of whether district, state and federal policy combinations are leading to a particular outcome.

      For comparison: mass shootings of the type the US have do not occur in the developed world at anything like the frequency they do in the US. And the US has had to redefine "mass" in the media to mean more then 3-4 people at the same time.

    27. Re:Statism vs. Libertarianism again by Anonymous Coward · · Score: 0

      You can't have it both ways, they're Republican states or Democrat states.

    28. Re:Statism vs. Libertarianism again by AmiMoJo · · Score: 1

      The key difference is that if you spend an hour sorting out your credit card you continue to live the rest of your life afterwards with few ill effects.

      So-called cyber weapons can kill people. Governments use them to target people they don't like, and sometimes it ends in murder. More often it ends up in lives ruined, people rotting in jail. We don't allow people to supply physical weapons to those governments, so perhaps we shouldn't allow them to supply cyber ones either,

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    29. Re:Statism vs. Libertarianism again by mi · · Score: 0

      Are you making a serious argument in comparing people getting shot and the NYSE shutdown?

      Any serious economic loss can be compared to lost life(ves). The link I gave you explains, how the value of life is computed — it is done based on our own attitudes.

      For example, if you aren't willing to spend $5000 on an airbag, that would improve your chances of survival by %0.1, then you value your own life at less than $5 mln.

      For another, closer to home example, consider the horrendous losses of Ukrainian fighters resisting Russia for the last year: a whopping 1/3rd of those wounded in battle have died (NATO's acceptable average is about 3% — 10 times!).

      Most of the deaths were due to blood loss. A single doze of Celox would've saved one such wounded man — $10-20 delivered to Kyiv, but many either could not afford it or chose to spend money on something else instead.

      --
      In Soviet Washington the swamp drains you.
    30. Re:Statism vs. Libertarianism again by mi · · Score: 2

      Fuck you. YOUR life ain't worth a penny.

      You forgot to include the usual Illiberal imploration to Please, don't hate.

      --
      In Soviet Washington the swamp drains you.
    31. Re:Statism vs. Libertarianism again by Anonymous Coward · · Score: 0

      Hmm, one source cites a 404'd page as their source, and the other doesn't give numbers for gun crime. Try again, with less goalpost-moving.

    32. Re:Statism vs. Libertarianism again by Pinky's+Brain · · Score: 2

      Shutting down NYSE changes the distribution of some electronic assets, a cost for some and a gain for others ... I wouldn't even be 100% certain the attack decreased GDP.

    33. Re:Statism vs. Libertarianism again by Lunix+Nutcase · · Score: 1

      Why? Because you said so? That's hardly a compelling argument.

    34. Re:Statism vs. Libertarianism again by sjames · · Score: 1

      Only if you throw out the legal theory of making someone whole. The only reason a court assigns a value to a life is that it doesn't have the option of resurrection. But whatever that value is, you can't tell me honestly that the family of the deceased feels just fine about it if you pay $X for killing Dad.

    35. Re:Statism vs. Libertarianism again by khallow · · Score: 1

      Only if you throw out the legal theory of making someone whole.

      Which is a sensible thing to do here. After all, most decisions which harm people are made by people concerning their own health and safety.

    36. Re:Statism vs. Libertarianism again by sjames · · Score: 1

      Either I don't understand what you're trying to say or it simply doesn't follow.

    37. Re:Statism vs. Libertarianism again by penguinoid · · Score: 1

      I think a better example is that money can be used to save lives. There's a whole lot of different ways to save lives using money, a few examples are medical research, medical care, reducing pollution, safety equipment, reducing poverty, reducing stress. Clearly, at least some people value money more than lives -- or at the very least, choose money over lives. And by "some people" I mean "basically everyone, although they wouldn't admit it even to themselves".

      Don't worry though -- if our species spent every single moment of our lives doing everything humanly possible to avoid loss of life, we'd be totally worthless and accomplish nothing.

      --
      Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    38. Re:Statism vs. Libertarianism again by penguinoid · · Score: 1

      For example, if you aren't willing to spend $5000 on an airbag, that would improve your chances of survival by %0.1, then you value your own life at less than $5 mln.

      Nah, that proves that 0.1% doesn't exist and is really 0%.

      --
      Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    39. Re:Statism vs. Libertarianism again by mwvdlee · · Score: 1

      So according to you, if you must be consistent than...
      Statists must support regulating security research, gun-ownership, gay marriage, abortion and everything else.
      Libertarianists must oppose regulating security research, gun-ownership, gay marriage, abortion and everything else.
      Or can people support regulating some things and oppose regulating other things?

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    40. Re: Statism vs. Libertarianism again by Anonymous Coward · · Score: 0

      The presupposition of "gun crime" is one problem. How is a gun murder or violence any worse than any other kind of murder or violence? You do know people get killed a lot of ways, right?

      A lot of organizations that exploit irrational fears to further their goals massage the stats to fit their narrative. A good example is "mother Jones'" statistics on "child gun deaths" including people to age 25 as children. (This ensures they get all the gang deaths included for maximum fear factor).

    41. Re:Statism vs. Libertarianism again by DarkOx · · Score: 1

      Where I was going was that, individually to the people who care about us we are all priceless. Most of us would spend every last cent we had to save our child or spouse etc. When it comes to civil judgments and the like making people whole is a good enough system. A court can look at the individual situation and do something that is 'fair'.

      At the macro social policy level its a different story. We MUST make decisions about how much we are willing to spend on counter terrorism, or social safety net programs, or health care etc. To do that rationally we do need to put some gross value numbers on people.

      It really is the case that at least based on my reasoning that society for example has an interest in effecting a stronger security posture at a high school than at an elementary school, because at least to society Teenagers are actually more valuable than young children. Putting quantitative values on people in aggregate is useful and necessary if we want to rationally allocate public resources.

      However while I'll believe government needs to act quantitatively and not look at the individual, I am still a libertarian. I believe simultaneously that we need to concentrate as much power and choice as possible with the individual rather than with society, because I know the intangibles are important, sometime more important than anything else. Often the only people who can recognize the true value of something or even other people are those are immediately around it.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    42. Re:Statism vs. Libertarianism again by Anonymous Coward · · Score: 0

      After all, most decisions which harm people are made by people concerning their own health and safety.

      Indeed. Once again, individual freedom is to be blamed for most decisions which harm people. If only people would just let us benevolent dictators make all the decisions. At worst, you get a few bad dictators, but a single bad dictator is a lot easier to remove than trying to convince an entire population to change in a democracy.

      Really, why are you guys so anti-dictators? Imagine if America was a dictatorship. You could let 1% of the people have all the nation's wealth. You could help your rich friends get richer by cutting their taxes. And bailing them out when they gamble and lose. You could ignore the needs of the poor for health care and education. Your media would appear free, but would secretly be controlled by one person and his family. You could wiretap phones. You could torture foreign prisoners. You could have rigged elections. You could lie about why you go to war. You could fill your prisons with one particular racial group, and no one would complain. You could use the media to scare the people into supporting policies that are against their interests.

    43. Re:Statism vs. Libertarianism again by sjames · · Score: 1

      It is a useful tool for finding relative risks and figuring out what we can afford to do, but it breaks down when we try to use it to valuate human death vs. economic losses. It is important to remember that there is a limit to how far the fiction of valuation of life can go.

      A prominent example of that error is the rather infamous Ford Pinto case.

      It becomes much more problematic when compounded with another thing (in this case liberty) that is hard to place a proper value on.

      Personally, while I don't find it hypocritical to support regulating one and not the other, I am a supporter of 2nd amendment rights and the right to own and produce hacking tools. It's the uses of them and knowingly providing them for unacceptable uses I support regulating.

    44. Re:Statism vs. Libertarianism again by khallow · · Score: 1

      For me, the reason I'm anti-dictatorship is the remote possibility that I might not get to be the dictator.

    45. Re:Statism vs. Libertarianism again by Anonymous Coward · · Score: 0

      Not true at all. Georgia could easily be considered a Republican State (Gov & Fed Elections would indicate that). But if you look at the majority of crime, it is in Atlanta, a completely Democrat run area (yes, that's where I'm from). With the highest crime rates in pockets inside Atlanta with the most liberal local governments. The few "safe-havens" around it (burbs/OTP) are typically Republican led. I'm not saying that is the cause, but there is clearly correlation. I think culture and economics play as much if not a bigger role in the cause, and are clearly correlated as well. This is true in much of the South USA.

      So to take Georgia's Gun laws and overall crime rates and draw a direct cause and effect is asinine. To get meaningful data you need to look at smaller samples. Remove Macon, Columbus, and Atlanta (ITP) shootings, and the statistics tell a very different story. If anything, all this shows is, over-populated, under-educated, low income areas, tend to have high crime rates, which correlates directly with increased gun violence. Well NO SH1T, and that fact should not drive our gun laws, but rather drive our efforts to improve education, local cultural norms, create meaningful jobs, and renovate depressed areas, etc. Guns magnify the problem, but are not THE problem. I haven't seen any meaningful statistics that show otherwise. Plus there is the whole common-sense thing....

    46. Re:Statism vs. Libertarianism again by Anonymous Coward · · Score: 0

      Well, you miss 100% of the shots you don't take.

      Do you also reject the free market, because of the remote possibility you might lose in all that competition?

    47. Re: Statism vs. Libertarianism again by Anonymous Coward · · Score: 0

      Anyone can kill a person. It takes everyone to kill a government.

      [Not the same AC]

      Which is why it was incongruous to compare a single deer rifle with (a presumably large subset of) twitter in your prior post. If you can point to a single tweet taking down a government (by itself without other tweets), then you've made a strong argument contrasting its effectiveness with a single deer rifle.

      - T

    48. Re:Statism vs. Libertarianism again by Archangel+Michael · · Score: 1

      Of course I don't either, but that's also because who runs a district is pretty irrelevant to a discussion of whether district, state and federal policy combinations are leading to a particular outcome.

      See Baltimore for demonstrable reproof of your simplistic belief. The results of poor leadership are happening every day. But the idiot mayor won't be held into account by the voters, and the Police Commissioner just got scapegoated.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    49. Re:Statism vs. Libertarianism again by Archangel+Michael · · Score: 1

      Hey, just an FYI, two minutes on this thing called "Google" found the exact page that was 404ed, probably due to a website reconfiguration by the FBI (like going to HTTPS)!

      https://www.fbi.gov/about-us/c...

      So, does this new information change your snarky attitude?

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    50. Re:Statism vs. Libertarianism again by khallow · · Score: 1

      Do you also reject the free market, because of the remote possibility you might lose in all that competition?

      Competition isn't the only game in free markets.

    51. Re:Statism vs. Libertarianism again by khallow · · Score: 1

      Do you decide to work more or less of your life, or to work riskier or less risky jobs because of the legal theory of making someone whole? And there are a host of risky activities done merely for the thrills, like sky diving or skiing.

    52. Re:Statism vs. Libertarianism again by khallow · · Score: 1

      I guess the bottom line is that there are a variety of harms you can't make whole just by paying money or other restitution, such as death. It's not possible to spend money to reverse someone's death and make them whole (that is, put them back in the position they were in before the harm occurred). So by that legal theory, human life has value that can't be quantified with money. But in practice, we don't act like our lives have infinite value.

    53. Re:Statism vs. Libertarianism again by sjames · · Score: 1

      Yes, but only because you can't be ordered to pay infinite money. We are forced by reality to make the plaintiff whole in the financial sense only.

      However, that doesn't make the comparison of financial loss to loss of life correct or proper since the loss of life also carries an irreparable harm.

    54. Re:Statism vs. Libertarianism again by sjames · · Score: 1

      The law treats willingly accepted risks differently from imposed risks.

    55. Re:Statism vs. Libertarianism again by Anonymous Coward · · Score: 0

      Ok, so there are even more possibilities for you to not succeed on the free market. So do you reject free markets out of your fear of failure?

    56. Re:Statism vs. Libertarianism again by khallow · · Score: 1

      And my point is that the scenario does not.

    57. Re:Statism vs. Libertarianism again by khallow · · Score: 1

      Ok, so there are even more possibilities for you to not succeed on the free market.

      Of course not. I refer instead to the satisfying of wants. You won't fail to buy and eat a hamburger because khallow outcompeted you for your hunger or the money in your pocket.

    58. Re:Statism vs. Libertarianism again by khallow · · Score: 1

      However, that doesn't make the comparison of financial loss to loss of life correct or proper since the loss of life also carries an irreparable harm.

      Huge financial losses are also irreparable.

    59. Re:Statism vs. Libertarianism again by sjames · · Score: 1

      In practice, they sometimes can't be repaid, but loss of life cannot be properly compensated even in theory.

    60. Re:Statism vs. Libertarianism again by khallow · · Score: 1

      In practice, they sometimes can't be repaid, but loss of life cannot be properly compensated even in theory.

      Unless you're not following that legal theory. And "practice" is what you are actually doing.

    61. Re:Statism vs. Libertarianism again by sjames · · Score: 1

      It doesn't matter what legal theory you're following. The theory of making the plaintiff whole sets policy in a civil suit, it doesn't alter the facts.

    62. Re:Statism vs. Libertarianism again by khallow · · Score: 1

      The theory of making the plaintiff whole sets policy in a civil suit, it doesn't alter the facts.

      I agree. We aren't and can't fully follow the "making one whole" theory however. And I consider that particularly relevant to the discussion of what happens when one destroys actual wealth (if only by making society a bit less efficient).

  2. You mean, like *all* governments? by NotDrWho · · Score: 4, Interesting

    experts are wondering once again how to stop Western technology companies from equipping certain governments with weapons meant to attack journalists, human rights activists, and ordinary civilians.

    Are their any governments left that DON'T do this as a matter of practice?

    --
    SJW's don't eliminate discrimination. They just expropriate it for themselves.
    1. Re:You mean, like *all* governments? by blueg3 · · Score: 1

      Do you think the US and UK treat journalists and human rights activists the same way they are treated in Egypt and Sudan?

    2. Re:You mean, like *all* governments? by Anonymous Coward · · Score: -1

      Well, they're still bombing the crap out of civilians in other countries. Without any declaration of war...

    3. Re:You mean, like *all* governments? by GuB-42 · · Score: 1

      Are their any governments left that DON'T do this as a matter of practice?

      Greece, because they don't have the money.

    4. Re:You mean, like *all* governments? by penguinoid · · Score: 1

      Do you think the US and UK treat journalists and human rights activists the same way they are treated in Egypt and Sudan?

      Depends on whether the human rights activists are fighting oppressors the US likes, or doesn't like.

      --
      Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    5. Re:You mean, like *all* governments? by NotDrWho · · Score: 2

      Do you think the US and UK treat journalists and human rights activists the same way they are treated in Egypt and Sudan?

      Of course not. When it comes to using spyware and backdoors to spy on journalists, the US and UK are *MUCH* worse.

      --
      SJW's don't eliminate discrimination. They just expropriate it for themselves.
  3. It's hard...but.... by Anonymous Coward · · Score: 0

    You can use open-source software, in which security is truly a matter of public accountability.

    1. Re: It's hard...but.... by Anonymous Coward · · Score: 0

      It's already essentially open source and no, it will not harm security. Leaving it sealed/hidden harm security.

  4. Overdue for regulation. by Anonymous Coward · · Score: 0

    These companies are essentially arms dealers. Why aren't they regulated? Why are there no export controls on their products? When PGP first came out it was treated as a weapon by the US government because it protected people's digital communications. Now there are companies selling products specifically designed to gain illegal control of other people's computers and monitor their communications and it's perfectly ok? When governments break their own laws they encourage lawlessness. That is the situation we are in today.

    1. Re: Overdue for regulation. by Anonymous Coward · · Score: 0

      Apparently you didn't look at their customer list. I found it interesting that China was not on the list. Espionage has went on for hundreds of years or longer. It's stupid to think US laws are going to prevent anything other than hinder US businesses in relation to foreign business.

  5. de haxx0rz g0t haxx0red nao by Anonymous Coward · · Score: -1

    butthurt errywear

  6. Legislation by Anonymous Coward · · Score: 0

    This is yet another example why we need to ignore the authorities and form our own communications, encryption and Internet.

    Internet 3 needs to be...
    A mesh network, so individual companies and governments can't control it.
    All communications need to be encrypted.
    without any dependence or need of DNS.
    Without a need for ICANN or any other registration entity.
    Developed by everybody.

    1. Re:Legislation by Anonymous Coward · · Score: 0

      So hostfile everything? Or do you have a better DNS solution?

    2. Re:Legislation by Anonymous Coward · · Score: 0

      .bit works really well.

    3. Re:Legislation by Anonymous Coward · · Score: 0

      Now you've done it.

      You know who is going to show up now.

    4. Re:Legislation by Ash-Fox · · Score: 1

      .bit works really well.

      I haven't ever used a website using .bit, anecdotally, it doesn't seem to be working that well.

      --
      Change is certain; progress is not obligatory.
  7. Laws ? by Anonymous Coward · · Score: 0

    There are laws against the use of virusses, exploits, or any other method as a mean to get unauthorized accesses to computers.

    "Hacking Team" is then provably a bunch of criminals, which should face justice.

  8. You cannot regulate cyberweapons. by JonathanP.Bennett · · Score: 5, Interesting

    First, the entire idea of cyberweapons is laughable. Exploits are only possible because of flaws in the code. That is no more a weapon than an unlocked door.

    Second, you cannot regulate them as they are immaterial. It would be possible to discover a previously unknown vulnerability, and then not record the finding anywhere. Congratulations, you have a cyberweapon in your brain. Good luck regulating that.

    1. Re:You cannot regulate cyberweapons. by thedavidcathey · · Score: 2

      The EFF is right, since if written poorly, 'ping -f' could be considered a cyber-weapon, and one that's widely distributed by many open source O/S platforms.

    2. Re:You cannot regulate cyberweapons. by Anonymous Coward · · Score: 0

      >Exploits are only possible because of flaws in the code.

      Bullets are only effective because of flaws in the flesh. You can use a firearm to tenderize porcupine meatus or scratch your back, it's not always a weapon. It's all in how you use it.

    3. Re:You cannot regulate cyberweapons. by Xylantiel · · Score: 1

      While the term "cyberweapon" is ludicrous, I think there is still a valid question concerning what the legal consequences are of selling zero-day vulnerabilities or tools that use them. Is it even illegal? Or is only illegal if they are used for an illegal activity? And if that is the case, how is illegal activity defined in an international governmental context? This will likely all get worked out by case law, but maybe it would help to write or revise some laws as well.

    4. Re:You cannot regulate cyberweapons. by Anonymous Coward · · Score: 0

      Nothing illegal in disclosing 0-day vulnerabilities - free speech! Using 0-day exploits to test security in your own systems is perfectly ok too. Abusing 0-day exploits is illegal, because then you're destroying someone elses property or disrupting their work.

      If you don't like 0-day exploits, go with software that has a history of few exploits and a history of getting patched quickly. Don't go with sw with a history of bugs galore, ignoring bug reports until virus floods forces them to react and so on. Or even being so bad as to require third-party add-ons to be safe on the internet.

      Choosing the best sw for the job, is also about choosing something reliable & robust. "Pretty" won't cut it, if it falls apart.

    5. Re:You cannot regulate cyberweapons. by amicusNYCL · · Score: 1

      You're conflating the vulnerability with the weapon. The weapon is not the vulnerability, the weapon is the piece of code that exploits or attacks the vulnerability. Those pieces of code are most certainly material.

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    6. Re:You cannot regulate cyberweapons. by phantomfive · · Score: 2

      You can use a firearm to....scratch your back

      Wow, some people really shouldn't be gun owners.

      --
      "First they came for the slanderers and i said nothing."
    7. Re:You cannot regulate cyberweapons. by penguinoid · · Score: 1

      First, the entire idea of cyberweapons is laughable. Exploits are only possible because of flaws in the code. That is no more a weapon than an unlocked door.

      I also find the idea of lockpicks laughable. Lockpicking is only possible because of fundamental design flaws in locks. They are no more a weapon in a thief/spy's arsenal than an unlocked door.

      --
      Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    8. Re:You cannot regulate cyberweapons. by AmiMoJo · · Score: 1

      Exploits are not cyberweapons. That's not what the word means.

      Look at what this company offers. It's a suit of software, with on-going updates and support, designed to make attacks on people's computers. It's a number of exploits that have been turned into a useful and complex tool, supported and maintained. They will even sell you boxes with it pre-installed and set up for your needs, just plug in and start oppressing.

      Regulating such things is easy. They require significant amounts of work to develop, and on-going support to keep them working (because exploits eventually get patched, samples of the software eventually gets into the hands of anti-virus companies etc.) It's a sizeable commercial operation. Sure, maybe some guy could build an F16 in is garage, but normally it requires a large and easy to regulate operation to do it.

      Also, they helpfully advertise the fact that they manufacture and sell cyberweapons on the internet, so it's not even hard to find and jail people who violate UN sanctions or weapons export licences.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  9. What happened to Slashdot Firehose by Anonymous Coward · · Score: -1

    Like the Subject says... What happened to Slashdot Firehose?

    http://slashdot.org/firehose is 404

    1. Re:What happened to Slashdot Firehose by Anonymous Coward · · Score: 0

      Viva la beta!

  10. Their customers are governments. by ErikTheRed · · Score: 1

    So, who, effectively, is going to regulate them? They'll just find a place where the regulatory regime will permit (if not actively encourage) their activities. The regulation argument is hilarious.

    --

    Help save the critically endangered Blue Iguana
    1. Re:Their customers are governments. by Fire_Wraith · · Score: 1

      Regulation isn't the answer, no - you can't get rid of them that way any more than you can get rid of weapons. The ones that we've been successful at banning are the ones nobody really saw as being effective or necessary anyway (Chemical weapons, and some countries have gotten rid of land mines - but not the ones with heavily fortified armed borders).

      That said, it's an imperfect analogy. I can't make myself and everyone else immune to a 5.56mm round from a rifle simply by knowing about its existence, what it does, and writing up some code to block it. "Cyberweapons" (pardon the use of such a ridiculous term) only work against two types of targets, those who don't know about the vulnerability being attacked, and those who haven't sufficiently patched it (for a variety of reasons).

      Part of the core problem is that the same governments who should be working to protect us from these attacks are instead hoarding the knowledge of those vulnerabilities to use them in an offensive manner. This leaves us more vulnerable than we ought to be, both against criminals, and government attackers (including our own).

  11. What the hell? by cHiphead · · Score: 1

    What fight to regulate cyberweapons? What cyberweapons? Jesus are people really that nuts now?

    --

    This is my sig. There are many like it, but this one is mine.
  12. Of course it won't regulate itself by quantaman · · Score: 1

    Regulation's backers say that "this is an industry that has failed to police itself,"

    Would you expect liquor stores to self-regulate and decide the drinking age is too low?

    Self-regulation might work for some cheap and easy things, but no industry is going to refuse to sell to a massive portion of the market voluntarily. If you want to stop them you need legal enforcement.

    --
    I stole this Sig
  13. stop Western technology companies by Ryanrule · · Score: 1

    ahem, agenda much?

    1. Re:stop Western technology companies by Nutria · · Score: 1

      Of course not!! *Obviously* the Chinese and Russian governments have have a long history of secular humanism and effective promotion of their citizens' welfare.

      (Oh, wait. That's Denmark & Sweden back when they didn't have many dark-skinned immigrants.)

      --
      "I don't know, therefore Aliens" Wafflebox1
  14. Wasn't their a rule about selling exploits? by St.Creed · · Score: 1

    They were basically selling zero day exploits in pre-packaged kits to anyone with money. So... is that legal? Because it sounds like a winner.

    --
    Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
    1. Re:Wasn't their a rule about selling exploits? by horm · · Score: 2, Insightful

      Considering they're based out of Milan, I doubt they were that concerned about US regulations.

    2. Re:Wasn't their a rule about selling exploits? by St.Creed · · Score: 1

      The EU is not a lawless wasteland - although it may seem like it on some days :)

      --
      Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
    3. Re:Wasn't their a rule about selling exploits? by Anonymous Coward · · Score: 0

      The EU is not a lawless wasteland

      No, but that doesn't matter. Americans has the right to bear arms, you see. So clearly, they must have somewhere to buy from.

  15. Yet again Adobe by Virtucon · · Score: 5, Insightful

    Is it just me or does Adobe's software have the worst engineering practices practices in the industry. Every other fucking week there's an Adobe vulnerability. Scratch your ass, Adobe Vulnerability. Sneeze? Adobe Vulnerability. Walk your dog? Adobe Vulnerability.

    This company needs to just be banned from producing any software, period, unless they provide the source code as well.

     

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
    1. Re:Yet again Adobe by Anonymous Coward · · Score: 0

      Is it just me or does Adobe's software have the worst engineering practices practices in the industry. Every other fucking week there's an Adobe vulnerability. Scratch your ass, Adobe Vulnerability. Sneeze? Adobe Vulnerability. Walk your dog? Adobe Vulnerability.

      This company needs to just be banned from producing any software, period, unless they provide the source code as well.

      I am shocked that you imply Adobe has engineering practices.

      If it my bank for login/2 factor and credit cards for their one of card generation did not require Flash I would have no Adobe "products" installed on any of my computers. With SumatraPDF, etc. there is no real reason for Adobe Reader being installed.

    2. Re:Yet again Adobe by Anonymous Coward · · Score: 0

      What makes you think that these vulnerabilites were not deliberately introduced by undercover NSA agents ?

    3. Re:Yet again Adobe by amicusNYCL · · Score: 1

      This company needs to just be banned from producing any software, period, unless they provide the source code as well.

      And you should be banned from holding any public office.

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    4. Re:Yet again Adobe by antdude · · Score: 1

      What about other companies? :(

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    5. Re:Yet again Adobe by coofercat · · Score: 1

      Their CQ (now AEM) website CMS product also has more holes than a sieve. When they produce 'security packs', they refuse to tell you what areas they touch with it "for your security". In other words, they just give you a binary blob that may, or may not, break random aspects of your application but don't tell you what areas to test. Funnily enough, this isn't something Gartner bothered to look into before they took the money to put CQ into the 'magic quadrant'.

      It's not so much they can't write code, its that they can't manage themselves in any meaningful way. Anyone buying Adobe products for anything important needs their head examining.

    6. Re:Yet again Adobe by AmiMoJo · · Score: 1

      Do we even need Adobe software any more? Okay, they do some good productivity stuff, but all the vulnerabilities are in Flash and Reader. Flash has been replaced by HTML 5, and is mostly used for adverts anyway. Chrome seems to have the right idea, built it in and heavily sandbox it if you have to run it at all. Reader is just crapware for the most part, it offers nothing that other more secure software does. In fact I'd recommend pdf.js instead of their browser plug-in, for improved browser security.

      Oh, and there is Java I suppose... No need to have that in the browser, which cuts the attack surface right down. Shame it's needed for some desktop apps.

      Seems like the best option is to simply uninstall Adobe software.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  16. And their security manager was growing bored... by Anonymous Coward · · Score: 0

    In a leaked Whatsapp conversation, HT systems and security manager Christian Pozzi complained in April 2015 to a friend that he was growing "bored" at work and his boss, noticing this, was going to assign him "something to do" as an alternative to chatting and playing fantasy soccer games. Pozzi is also known for his wide use of passwords such as "Passw0rd". A truly gifted security manager, I must say.

  17. Steve Jobs argument and time-damage... by tlambert · · Score: 2

    The key difference is that if you spend an hour sorting out your credit card you continue to live the rest of your life afterwards with few ill effects.

    Steve Jobs persuaded an engineer to reduce boot time lower than the engineer though possible by making the equivalence argument. It goes something like this:

    Average human life expectancy is 71 years.

    Humans are on average conscious for 16 hours per day.

    Doing the math, this means you would only have to force 414,915 people to spend an hour "sorting out their credit card" before you've effectively done the equivalent time-damage of killing someone.

    1. Re:Steve Jobs argument and time-damage... by AmiMoJo · · Score: 1

      You are completely missing the point. An hour wasted for half a million people is not equivalent to the loss of one life, at least not for the person who died or their family and friends. The loss of premature death cannot be measured in monetary or man-hour terms. The courts only look at it that way because they can't bring the person back to life, so money is the only way to compensate.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  18. hacking is illegal by Anonymous Coward · · Score: 0

    There are laws in the United States that makes computer hacking illegal. Corporations suffering losses to attacks with these tools are used should sue for damages.

    1. Re:hacking is illegal by Anonymous Coward · · Score: 0

      So when someone gets shot by a gun, the gun manufacturer should be sued, along with the shooter?

  19. 3 things about this debacle that I wonder about by Anonymous Coward · · Score: 0

    1. Did Hacking Team realize and develop all their own exploits or is any of it 3rd-party?
    2. Does Hacking Team surreptitiously gain the fruits of their clients' labor 'by proxy'?
    3. Is the person(s) that hacked Hacking Team excluding some serious things from the data release?

  20. She loves you yeah yeah yeah by Anonymous Coward · · Score: 0

    News: New Adobe Flash plugin released!

    Response: Sorry guys, closed some backdoors... I mean remote exploitable vulns!

    #

    News: New Adobe Flash plugin released!

    Response: Sorry guys, closed some additional backdoors... I mean remote exploitable vulns!

    #

    News: New Adobe Flash plugin released!

    Response: Hey guys, closed some additional backdoors... I mean remote exploitable vulns!

    #

    Because who fucking audits their code? I can only imagine what is slipped in under the radar between the rapid version releases.

  21. The Problem: code not seeing the light of day... by Lodragandraoidh · · Score: 1

    The real problem here is willingness to fund what is necessary - refactoring all code used in critical systems to ensure they are secure - and to maintain that approach over time in an iterative basis.

    We should touch code (at least to review it) - every year - which research indicates is the sweet spot for zero-day exploits. We get more benefits if we refactor the code - effectively resetting the clock for exploit writers to find a new zero day, and develop applications to exploit it.

    Working in IT today, I can tell you from experience no one is willing to spend money to constantly refactor code without delivering new functionality (read 'revenue generating functionality'). This approach also is counterintuitive to software engineers trained to value code reuse over rewriting or building new solutions.

    Instead, they focus on cosmetic bandaids - such as firewalls, antivirus, patch updates, and policy management. All of these things are important - but in the scheme of things will not stop a zero day exploit - particularly given that most patches for zero days are not available until the zero day is discovered - and then the time it takes the developer/company in question to put out a fix - on average 6 months to a year after the zero day is discovered and reported. Meanwhile the network is wide open to anyone who has figured it out (which is roughly 6 months to a year after a new piece of software is deployed on the network). The problem is related more to how humans learn systems than any particular coding practice. Your code refactor efforts just need to fall inside of that curve - leading rather than following.

    Finally - the proposed fixes, such as more regulations, will not fix the problem - and will only serve to drive people out of the business, at the precise time when we need more developers than ever to address the problem effectively.

    Steps:

    1. Pay for what is needed in IT instead of being cheap. If you get more specific regulation of this - you might not have a choice (e.g. Sarbanes-Oxley)

    2. Let your developers as a whole spend some time on evaluating code - the more eyeballs you have the better.

    3. Move away from expensive water-fall projects to more flexible agile methods, and adjust your funding protocols to match.

    --

    Lodragan Draoidh
    The more you explain it, the more I don't understand it. - Mark Twain
  22. Logical conclusion by ThatsNotPudding · · Score: 1

    Is it just me or does Adobe's software have the worst engineering practices practices in the industry. Every other fucking week there's an Adobe vulnerability. Scratch your ass, Adobe Vulnerability. Sneeze? Adobe Vulnerability. Walk your dog? Adobe Vulnerability.

    Follow the facts to the obvious conclusion: Adobe is being *paid* to add exploits to one of the most ubiquitous pieces of software on the net - tellingly even a requirement for some banking and bill paying sites. Given this seemingly endless fountain of suck, the only logical answer: Adobe is an NSA shop.

  23. Re:The Problem: code not seeing the light of day.. by Anonymous Coward · · Score: 0

    I'd agree this makes some sense if you assume that attempts to refactor software do not introduce new chances for bugs/vulnerabilities.

    I'd also like to assume that were I to walk by her on the street, Natalie Portman would immediately turn and jump my bones, in front of my wife, who would loudly cheer me on.

  24. Re:The Problem: code not seeing the light of day.. by Anonymous Coward · · Score: 0

    I'd argue that its more important that people who chose to code as a profession, are competent in addressing security issues in the design phase. With competent design & practices, it makes the bandaids near irrelevant. A refactor is a way of saying the design stinks.

  25. Prosecute first lest the crooks join the mafia by jnv11 · · Score: 1

    First, the members of the Hacking Team that knew about the sales to embargoed countries should be prosecuted. Then worry about how to regulate cyber weapons. Otherwise, the most evil of the members (i.e. the ones who knew about the selling to genocidal governments like Sudan) might just go into hiding and offer their services to other evil organizations like the mafia.

  26. Even I don't "hosts file everything"... apk by Anonymous Coward · · Score: 0

    See subject: I do put where you spend most of your time online in hosts (favorite sites) @ the TOP of your custom hosts file though - this is IN COMBINATION with DNS!

    (OpenDNS specifically since they filter out online threats as I do in my hosts file & they are patched vs. the Kaminsky redirect poisoning flaw here @ home (I never could use them as my DNS with ActiveDirectory networks 'on the job', though)).

    Thus, DNS & hosts COMPLIMENT ONE ANOTHER for more speed, security, & reliability online!

    (I use DNS for rare sub 4% of the time lookups I have to do, the other 95++% of my time online is spent @ favorite sites in my hosts file, which are verified as correct via REVERSE DNS PINGS in APK Hosts File Engine 9.0++ SR-2 32/64-bit http://start64.com/index.php?o... )

    Hardcoding your favorites not only increases speed, + security BUT it also LIGHTENS REMOTE DNS SERVER LOADS too (which DNS admins ought to love actually), & also increases RELIABILITY online vs. redirect poisoned DNS servers (of which 99.999% of ISP dns servers are NOT PATCHED AGAINST mind you), OR vs. "downed" dns servers too!

    APK

    P.S.=> It's great stuff using hosts & OpenDNS in combination for BOTH added in memory cached speed + reliability too!

    However/again - even I don't attempt to put "every site under the sun" into my custom hosts file (the BULK of my file is 3,776,625++ KNOWN BAD SITES or botnet C&C servers, & only ~24 favorite sites currently @ the top of it for BEST resolver speed in RAM)... apk

  27. Re:The Problem: code not seeing the light of day.. by Lodragandraoidh · · Score: 1

    People are not perfect automatons - therefore you always run the risk, and probably will see new bugs and vulnerabilities. However, that is okay - in the sense that it will still reset the clock (assuming you caught the existing zero days in the process). Now the hackers will have to start over - and it will take them another 6 to 12 months to figure out an exploit to the bugs you introduced - assuming they are actually exploitable. Therefore it makes sense to review and refactor code on a recurring basis. The benefits outweigh the costs.

    --

    Lodragan Draoidh
    The more you explain it, the more I don't understand it. - Mark Twain
  28. Re:The Problem: code not seeing the light of day.. by Lodragandraoidh · · Score: 1

    Ensuring all developers in the industry are competent is a pipe dream. Take a look at the most exacting careers you can think of - and you'll find varying levels of competence.

    People are imperfect (in the sense that they can have a bad day, and let typos slip by from time to time - even the very best of us). Additionally the real software lifecycle is not like frozen water. It is more like all the different states of water - solid, liquid, and gas, changing as its environment changes on a continuum from birth to death.

    I agree we should do something. I think that 'something' should be more than just training and hoping they use what they've learned.

    --

    Lodragan Draoidh
    The more you explain it, the more I don't understand it. - Mark Twain