Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacking Team Breach Leaks Zero-Days, Renews Fight To Regulate Cyberweapons

Posted by samzenpus on from the here-comes-the-fallout dept.

Patrick O'Neill writes: In the days following a massive hack that confirmed Hacking Team's dealings with repressive regimes around the world, experts are wondering once again how to stop Western technology companies from equipping certain governments with weapons meant to attack journalists, human rights activists, and ordinary civilians. Regulation's backers say that "this is an industry that has failed to police itself," ACLU's Christopher Soghoian argued, but many including the EFF warn that overly broad legislation would harm more than help. In addition, wiredmikey points out that a number of exploits have been released in the wake of the hacking: Several exploits have been discovered, including ones for zero-day vulnerabilities, in the hundreds of gigabytes of data stolen by a hacker from the systems of surveillance software maker Hacking Team. Researchers at Trend Micro analyzed the leaked data and uncovered several exploits, including two zero-days for Adobe Flash Player. A readme document found alongside proof-of-concept (PoC) code for one of the Flash Player zero-days describes the vulnerability as "the most beautiful Flash bug for the last four years since CVE-2010-2161." In addition to the Flash Player exploits, researchers spotted an exploit for a Windows kernel vulnerability, a flaw that fortunately has already been patched. Adobe told SecurityWeek that it's aware of the reports and expects to release a patch on Wednesday.

3 of 123 comments (clear)

  1. You cannot regulate cyberweapons. by JonathanP.Bennett · · Score: 5, Interesting

    First, the entire idea of cyberweapons is laughable. Exploits are only possible because of flaws in the code. That is no more a weapon than an unlocked door.

    Second, you cannot regulate them as they are immaterial. It would be possible to discover a previously unknown vulnerability, and then not record the finding anywhere. Congratulations, you have a cyberweapon in your brain. Good luck regulating that.

  2. Re:Statism vs. Libertarianism again by 6ULDV8 · · Score: 5, Funny

    > You are more likely to be killed driving home tonight.

    That's why I tell my employer I have to get home before sunset.

    --
    Pull my finger for my public key.
  3. Yet again Adobe by Virtucon · · Score: 5, Insightful

    Is it just me or does Adobe's software have the worst engineering practices practices in the industry. Every other fucking week there's an Adobe vulnerability. Scratch your ass, Adobe Vulnerability. Sneeze? Adobe Vulnerability. Walk your dog? Adobe Vulnerability.

    This company needs to just be banned from producing any software, period, unless they provide the source code as well.

     

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"