Slashdot Mirror
Hacking Team Breach Leaks Zero-Days, Renews Fight To Regulate Cyberweapons
Patrick O'Neill writes: In the days following a massive hack that confirmed Hacking Team's dealings with repressive regimes around the world, experts are wondering once again how to stop Western technology companies from equipping certain governments with weapons meant to attack journalists, human rights activists, and ordinary civilians. Regulation's backers say that "this is an industry that has failed to police itself," ACLU's Christopher Soghoian argued, but many including the EFF warn that overly broad legislation would harm more than help. In addition, wiredmikey points out that a number of exploits have been released in the wake of the hacking: Several exploits have been discovered, including ones for zero-day vulnerabilities, in the hundreds of gigabytes of data stolen by a hacker from the systems of surveillance software maker Hacking Team. Researchers at Trend Micro analyzed the leaked data and uncovered several exploits, including two zero-days for Adobe Flash Player. A readme document found alongside proof-of-concept (PoC) code for one of the Flash Player zero-days describes the vulnerability as "the most beautiful Flash bug for the last four years since CVE-2010-2161." In addition to the Flash Player exploits, researchers spotted an exploit for a Windows kernel vulnerability, a flaw that fortunately has already been patched. Adobe told SecurityWeek that it's aware of the reports and expects to release a patch on Wednesday.
experts are wondering once again how to stop Western technology companies from equipping certain governments with weapons meant to attack journalists, human rights activists, and ordinary civilians.
Are their any governments left that DON'T do this as a matter of practice?
SJW's don't eliminate discrimination. They just expropriate it for themselves.
Wait, why? Why does that have to be so black and white? There's a world of difference between an adobe flash exploit and the availability of a gun that can mow down a large number of people in a matter of seconds.
First, the entire idea of cyberweapons is laughable. Exploits are only possible because of flaws in the code. That is no more a weapon than an unlocked door.
Second, you cannot regulate them as they are immaterial. It would be possible to discover a previously unknown vulnerability, and then not record the finding anywhere. Congratulations, you have a cyberweapon in your brain. Good luck regulating that.
Why should an ideological stance on the regulation of guns and computers be the same? They clearly are different tools with much different uses.
Am I allowed to oppose dumping raw mercury into rivers & streams, if I support freedom to travel by airplane? After all, both are forms of pollution in the same sense that computers and guns can both be used as weapons.
This is nuts. The industry has been working hard on this (and the large quantity of security, firewall, anti-virus speaks to that), but it's a difficult problem. Do you really think the bad actors (individuals, groups, and governments) are going to dissuaded by some regulation?
You are allowed to dislike anything you want. What you do about it, however, needs to be consistent. If you want government to fight pollution, for example, you should support governmental efforts to fight all of it. If, instead, you prefer the problem be solved by boycotts and lawsuits by the people actually suffering from the ill-effects, then that too view should, also apply to all kinds of pollution.
That said, could you not have come up with a less contrived example? Raw mercury is too valuable for anybody to just dump it into a river...
In Soviet Washington the swamp drains you.
Why should an ideological stance on the regulation of guns and computers be the same? They clearly are different tools with much different uses.
I think you are wrong about that. The ideological stance on gun ownership in the bill of rights had a lot to do with empowering people to overthrow their corrupt government. Guns no longer have that power for the most part. Computers do. When was the last time a Deer Rifle toppled a world power? When was the last time twitter did? The answer is 2011 Or maybe even 2014
Computers aren't the same thing as guns, in fact they are a lot more powerful.
> You are more likely to be killed driving home tonight.
That's why I tell my employer I have to get home before sunset.
Pull my finger for my public key.
Is it just me or does Adobe's software have the worst engineering practices practices in the industry. Every other fucking week there's an Adobe vulnerability. Scratch your ass, Adobe Vulnerability. Sneeze? Adobe Vulnerability. Walk your dog? Adobe Vulnerability.
This company needs to just be banned from producing any software, period, unless they provide the source code as well.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
> If you take out the liberal run towns with the highest gun violence, you'll find that gun deaths are indeed fairly rare.
Ah, there it is, that's the real reason for your argument. See I was missing how you were equating identity theft (which while a headache is less of a headache than death) with getting shot, but then I realized that this was your opportunity to take a jab at liberals.
You're twisting information to suite your narrative. You've also neglected to mention that (based on whatever uncited source you're claiming to get your information about gun crimes from) that Republican led states have much higher levels of crime than Democrat states. This information was based off of the analysis of the 2008 Uniform Crime Reports. You can find that analysis here: http://editions.lib.umn.edu/sm...
Of course there's also more recent studies (seen here: https://www.americanprogress.o...) that show a link between lax gun laws and higher gun crime rates. More directly it shows that states with the highest gun crimes (which are typically conservative states) have the highest crime rates. In fact Alaska, Louisiana, Montana, and Alabama rank higher (per capita) in firearm deaths than Democratic states. For comparison while all of the above states were at least 4 points above the national average of 10.26 deaths/100,000 people Illinois was ~2 points LOWER than the national average.
I suppose it's easier to just throw out random uncited sources and half-baked facts without researching the overall data. Especially when your entire goal is to slander a political view that you apparently disagree with. But the short of the long is that none of the above discussion is a valid answer on why everything should be black and white. I personally think you're just trolling -- even if it's not a conscious decision to troll.
You do your cause no good when you edit out crucial words.
The actual quote: "A foolish consistency is the hobgoblin of little minds".
"I don't know, therefore Aliens" Wafflebox1
Considering they're based out of Milan, I doubt they were that concerned about US regulations.
I think he is right to do. Human life clearly has a dollar value. I would argue not an especially high one either. Consider there are 8 Billion of us. You can't get much more commodity than that. The world as a whole would arguable be better off with fewer people too.
Value has a great deal to do with what has been invested in them in terms of education, care, feeding etc. Than you need to consider things like survival rates. Certainly a healthy teenager is more valuable than a newborn. Much of the risk premature death has been removed, as has the possibility for many debilitating conditions being unknown. We can make a lot assumptions about future productivity as well based on physic, intelligence, etc.
While we can never say Bob over there is worth a half a million but we can certainly say in the abstract sense the average 22 year old native born American is worth $X. To that end we can measure the cost of the NYSE being down in lives.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
There's a world of difference between an adobe flash exploit and the availability of a gun that can mow down a large number of people in a matter of seconds.
There is not. Shutting down NYSE [slashdot.org], for example, cost billions of dollars. At $10 mln per life [wikipedia.org], that's hundreds of lives right there...
Are you making a serious argument in comparing people getting shot and the NYSE shutdown? This is the hill that you're going to make your stand on?
It's a very poor example but a valid point. A much better example would be fraud [identity theft], ransomware, spam, etc. With computers you can easily steal time from people on an unimaginable scale.
Suppose someone hacks me, and I get off relatively "easy". I may spend 1 hour of my time canceling a credit card, activating the new card when it comes, and changing all the passwords of all the accounts that the credit card number is associated with. That's probably on the very low end of what a hack can cost an individual.
The hacker doesn't stop there. They repeat their act 1,000,000 times. That's a fairly successful and prolific hacker, but not unheard of, espeicially if the attack vector is a business. At just an hour apiece per victim, 1 million victims is 114 total man-years spent cleaning up. Nobody died, but an entire lifetime has been stolen.
The Target hack(s) affected "up to 110 million people". If we take that figure at face value, and each victim spent only an hour dealing with it, that's 12,557 years or roughly 148 lifetimes. Even if I count injured people, I can't find a mass shooting that comes anywhere near 148 lifetimes.
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
"High crime in Republican states" can mean high crime in Democratic-run areas within Republican states.
For the people that think my post is a troll:
http://dailycaller.com/2012/04...
http://townhall.com/tipsheet/k...
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
You forgot to include the usual Illiberal imploration to Please, don't hate.
In Soviet Washington the swamp drains you.
The key difference is that if you spend an hour sorting out your credit card you continue to live the rest of your life afterwards with few ill effects.
Steve Jobs persuaded an engineer to reduce boot time lower than the engineer though possible by making the equivalence argument. It goes something like this:
Average human life expectancy is 71 years.
Humans are on average conscious for 16 hours per day.
Doing the math, this means you would only have to force 414,915 people to spend an hour "sorting out their credit card" before you've effectively done the equivalent time-damage of killing someone.
Shutting down NYSE changes the distribution of some electronic assets, a cost for some and a gain for others ... I wouldn't even be 100% certain the attack decreased GDP.