Slashdot Mirror

← Back to Stories (view on slashdot.org)

WikiLeaks Won't Tell Tech Companies How To Patch CIA Zero-Days Until Demands Are Met (fortune.com)

Posted by EditorDavid on from the secrets-about-secrets dept.

"WikiLeaks has made initial contact with us via secure@microsoft.com," a Microsoft spokesperson told Motherboard -- but then things apparently stalled. An anonymous reader quotes Fortune: Wikileaks this week contacted major tech companies including Apple and Google, and required them to assent to a set of conditions before receiving leaked information about security "zero days" and other surveillance methods in the possession of the Central Intelligence Agency... Wikileaks' demands remain largely unknown, but may include a 90-day deadline for fixing any disclosed security vulnerabilities. According to Motherboard's sources, at least some of the involved companies are still in the process of evaluating the legal ramifications of the conditions.
Julian Assange announced Friday that Mozilla had already received information after agreeing to their "industry standard responsible disclosure plan," then added that "most of these lagging companies have conflicts of interest due to their classified work for U.S. government agencies... such associations limit industry staff with U.S. security clearances from fixing security holes based on leaked information from the CIA." Assange suggested users "may prefer organizations such as Mozilla or European companies that prioritize their users over government contracts. Should these companies continue to drag their feet we will create a league table comparing company responsiveness and government entanglements so users can decided for themselves."

121 of 228 comments (clear)

  1. This is extortion by Anonymous Coward · · Score: 5, Informative

    This is extortion. It's one thing to disclose leaked information to expose corruption, which is something good journalists do. However, journalism doesn't involve using leaked information as leverage to make demands. That is called extortion or blackmail. Wikileaks has shown that, at best, it's a criminal organization. I'm dismayed that so many people at Slashdot always rush to defend Wikileaks and Julian Assange in articles like these. It says a lot about the complete lack of character of most of the users on this site, which is also why there is so much tech-related crime. All of you should he ashamed of yourselves.

    1. Re:This is extortion by green1 · · Score: 5, Insightful

      Depends what the agreement is.

      It could simply have been, we'll disclose this to you, if you promise not to sue us for posting it publicly after 90 days. That would be quite reasonable.

      You'r rushing to judge them without all the facts. But that's in vogue these days.

    2. Re:This is extortion by Anonymous Coward · · Score: 1

      Did you not read the part where it says that nobody really knows what demands are being met? Given the past abuses of the CFAA, this could be something as simple as "you will not hold wikileaks responsible for the contents or means of finding the vulnerability information, nor will we be held accountable for the illegal means in which the information was gathered by the CIA". IANAL, but I'd guess that including such a clause would be wise, given the aggressive application of judicial power used against wikileaks in the past.

    3. Re: This is extortion by Anonymous Coward · · Score: 1

      What are they extorting?

    4. Re:This is extortion by Megol · · Score: 5, Interesting

      I wonder why wikileaks doesn't leak the agreement terms?

    5. Re:This is extortion by Anonymous Coward · · Score: 1

      I wonder why wikileaks doesn't leak the agreement terms?

      maybe so somebody can say this:

      You'r rushing to judge them without all the facts. But that's in vogue these days.

      :p

    6. Re: This is extortion by Entrope · · Score: 4, Interesting

      Has any software vendor of note tried to sue people for public disclosure of security flaws? If so, what was the outcome?

      I struggle to see a good-faith reason for WikiLeaks to require agreement to any terms before they tell vendors about these flaws. It gives the impression that they want the bugs to stay open and/or have a political stick to beat the vendors with.

    7. Re:This is extortion by NatasRevol · · Score: 1

      It's wikileaks fault all the facts aren't out. They have all the cards, and are only showing some, so fuck them.

      --
      There are two types of people in the world: Those who crave closure
    8. Re:This is extortion by Anubis+IV · · Score: 4, Insightful

      Regardless, what of it? Extortion is wrong. Period. The fact that someone else extorted first doesn't make your extortion of others right.

    9. Re:This is extortion by Clived · · Score: 1

      I agree, looks like we are starting to see Julian's true colours. He lost my support around the US election for bullshit like this. I am ashamed of you Mr. Ashange

      --
      Clive DaSilva Email: clive.dasilva@gmail.com Ubuntu 18.10 Kernel 4.18
    10. Re:This is extortion by Mephistophocles · · Score: 4, Interesting

      This is extortion.

      No, it isn't. Extortion is defined as the use of force or threat to achieve a gain of some sort for the party threatening the use of force (i.e., I put a gun to your head and say "I won't shoot you if you give me $100, otherwise I will").

      It also isn't blackmail unless Wikileaks is attempting to achieve some sort of gain for themselves by threatening to release the information publicly unless these companies fail to pay them.

      In other words, if wikileaks isn't gaining anything (money etc) from this, it isn't extortion or blackmail. It's Wikileaks allowing the tech companies to fix the holes the CIA created before they release information about those holes to the general public - thereby possibly allowing the tech companies to save face. That makes sense, since it's quite possible that it's no fault of any of these companies that the CIA decided to completely trash their products in the name of spying on everyone. The damage is already done, in other words, and there's really nothing stopping Wikileaks from just telling the world what the damage is. It's kind of nice of them to give Microsoft etc some breathing room first, so that when they do release details on the damage done, they can also include information that shows these tech companies have already fixed the problems.

      --
      Deja Moo: The distinct feeling that you've heard this bull before.
    11. Re:This is extortion by Anonymous Coward · · Score: 2, Insightful

      So when Wikileaks releases raw dumps of leaked data, they get criticized because the data wasn't "curated" and personal information like cc numbers, phone numbers and addresses, social security, etc. are exposed. But when Wikileaks holds back information because the information contains sensitive and potentially harmful data , they get criticized. Wish you critics would make up your fucking mind.

    12. Re:This is extortion by bill_mcgonigle · · Score: 5, Interesting

      Wish you critics would make up your fucking mind.

      You expect the CIA to not have professional complainers on the Internet? Cute. Look above and you have a guy who admits he does work for the "Navy" calling Wikileaks extortionists already (that word does not mean what he thinks it means).

      We can be quite sure Wikileaks isn't asking for anything for themselves for the disclosure (because they never have) - it seems like they must be asking for something for the users in return or they could just do a Project Zero type of disclosure.

      MoFo obviously didn't have a problem with the terms, so it's not going to be something against user freedom (say what you want about Rust and WebExtensions, they get the freedom part mostly right). But MoFo doesn't have an ongoing private relationship with intelligence agencies, and that's what they claim the issue is about, so it passes the smell test. n.b. Wikileaks is apparently leveraging one disclosure for another disclosure.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    13. Re:This is extortion by Anonymous Coward · · Score: 2, Insightful

      Why don't the tech companies that received the emails do it? The sources from the stories obviously are employees from the companies contacted and spoke to the journalist. Why don't they leak the agreement terms?

    14. Re:This is extortion by Anonymous Coward · · Score: 5, Informative

      Regardless, what of it? Extortion is wrong. Period. The fact that someone else extorted first doesn't make your extortion of others right.

      Regardless of what world you may personally live in, be aware that people of integrity follow certain protocols. In this case, Assange did not even need to ask and could have simply released the material. However, he put it to a public vote as to what should happen.

      The public voted that the material should be released to the technology companies. As part of that, there are certain conditions that a company is expected to follow, such as ensuring that the bug is patched within 90 days. Now, Anubus IV, why do you think that might be? I'll tell you, as it obviously flew over your head. The reason they have the 90-day window is so that WikiLeaks can release the material after that window has passed, and know that what is being released won't cause a metric tonne of exploits to suddenly be available to every machiavellian individual on the planet.

      Is that extortion? No, that is prudence and not being a dick.

      For the record, I voted against it being reported to the technology companies, as I know they are the problem. That Microsoft is framing matters the way they are, only serves to prove my point; they have chosen to be dicks, and invariably that is what they do.

    15. Re:This is extortion by The+Real+Dr+John · · Score: 5, Interesting

      How can anyone say this is extortion? Why did Mozzila sign the honesty form ("industry standard responsible disclosure plan,")? Maybe because they are more honest than MS? Maybe because they have nothing to hide? This is an attempt to shame the cowardly tech giants that have been in on this crap from the beginning. Sign the form, fix the holes!

      --
      A brain is a terrible thing to waste... Mind? That's debatable.
    16. Re: This is extortion by AmiMoJo · · Score: 5, Insightful

      They are doing it to find out which vendors are in bed with the CIA. If they won't agree to fix the bug in 90 days up front, chances are it's because they don't want to commit to fixing something that the CIA might be using with their knowledge/support.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    17. Re: This is extortion by Entrope · · Score: 5, Insightful

      Equally plausible: They're doing it because they're a front for the Kremlin.

    18. Re:This is extortion by arglebargle_xiv · · Score: 1

      Uhh, did you actually read as far as the second paragraph of the article you're commenting on?

      "most of these lagging companies have conflicts of interest due to their classified work for U.S. government agencies... such associations limit industry staff with U.S. security clearances from fixing security holes based on leaked information from the CIA."

      The information that Wikileaks has made available is still classified, even if it's public. If you work for an organisation that handles government contracts, and some of your employees have security clearances, then you can't receive classified information to help you fix an 0day, even if the classified information is now public. It was the same with the Snowden stuff, if someone had wanted to DoS everyone in the US with a security clearance all they'd have had to do is get one of the TS docs published with security markings intact on the front page of the NYT, LA Times, and so on.

      The reason why Wikileaks has to be so careful is so they don't get the companies receiving the information into trouble. In many cases, when the rules you have to play by are obviously insane, the only winning move will be not to play.

    19. Re: This is extortion by Rei · · Score: 1

      Well, in the past it was cash. And back then it was aid agencies and human rights agencies he was extorting.

      Or maybe he's wanting them to sign some sort of absurd contract like the insane NDAs he used to make Wikileaks members sign.

      --
      Aeris Died For Your Sins.
    20. Re:This is extortion by Anonymous Coward · · Score: 1

      "Extortion is defined as the use of force or threat to achieve a gain of some sort..."
      By suggesting that companies who don't agree to Wikileaks are refusing to do it solely because of government ties, Assange is already threatening damage to their reputations even though he has absolutely no evidence to back that up (or we would have seen it long before now).

      "It also isn't blackmail unless Wikileaks is attempting to achieve some sort of gain for themselves..."
      Without seeing the terms and conditions it is impossible to say that Wikileaks isn't attempting to get some form of gain from this. It may not be financial, but there may be some form of legal protection or indemnification that they are seeking.

      The fact that Wikileaks is expending such effort to demand companies agree to their conditions, and denouncing them when they don't, instead of just releasing the exploits to the companies involved makes me question their values. The fact that Wikileaks is not even making the Conditions of release public reeks of Wikileaks having an ulterior motive.

    21. Re:This is extortion by SwashbucklingCowboy · · Score: 1

      "It could simply have been, we'll disclose this to you, if you promise not to sue us for posting it publicly after 90 days. That would be quite reasonable."

      lol Not a chance in hell. There's no case to sue if they go public with the vulnerabilities. They want something else.

    22. Re:This is extortion by Anubis+IV · · Score: 1, Insightful

      It seems you took my comment as an implicit affirmation that I think this is extortion, but that's not the case. I was merely pointing out the moral flaw in the previous poster's comment. Whether or not this is extortion is being discussed elsewhere, but at least from what I know of the situation, I don't think it is.

    23. Re: This is extortion by TellarHK · · Score: 1

      Until we have the exact demands they're making of companies involved, we don't know that. We need to know exactly what the terms they are asking for are. Full stop. Someone should get them from Mozilla.

      --
      My own pointless vanity vintage computing page
    24. Re:This is extortion by Curunir_wolf · · Score: 1

      Pure BS. No way he's trying to extort money from them. Someone would have posted the terms by now. Not like Mozilla is going to pay up, either.

      --
      "Somebody has to do something. It's just incredibly pathetic it has to be us."
      --- Jerry Garcia
    25. Re: This is extortion by Curunir_wolf · · Score: 1

      Has any software vendor of note tried to sue people for public disclosure of security flaws? If so, what was the outcome?

      I struggle to see a good-faith reason for WikiLeaks to require agreement to any terms before they tell vendors about these flaws. It gives the impression that they want the bugs to stay open and/or have a political stick to beat the vendors with.

      They've done worse than that. They've had the prosecuted as criminals.

      --
      "Somebody has to do something. It's just incredibly pathetic it has to be us."
      --- Jerry Garcia
    26. Re: This is extortion by Entrope · · Score: 1

      [citation needed]

      Also: Companies do not decide what makes a crime, and do not (as far as I know of, in civilized countries) have the power to prosecute crimes.

    27. Re: This is extortion by Entrope · · Score: 2

      Found the neoMcCarthyite.

      Another useful idiot self-identifies.

      I do not think either hypothesis is convincing -- but they are basically equally plausible.

      Any person or company with a US security clearance can lose it if they solicit the unauthorized disclosure of classified information. If they agree to Wikileaks' terms, that would probably qualify as a serious security violation; even talking with Wikileaks about the subject might qualify. That doesn't mean they are "in bed with" the CIA, only that they do work related to national security and wish to continue doing that.

      There are lots of other reasons that a company would refuse to agree to terms dictated by a party with details of security problems. Some examples: it sets a bad precedent, it suggests the possibility of corruption, and there is seldom any way to enforce compliance.

      Because there are so many reasons that companies would reject terms dictated by Wikileaks, and not want to negotiate terms, it is either naive or malicious to infer that companies who refuse Wikileaks's terms did so because they have secret deals with the CIA or anything else to hide.

    28. Re: This is extortion by Anonymous Coward · · Score: 3, Insightful

      Wow, tinfoil hat much?

      The more likely solution is that companies aren't willing to agree to fix a set of bugs within 90 days without even knowing what that set of bugs is. I think it would be incredibly irresponsible for someone to agree to do a set of work in a set timeframe without even knowing what that work is.

    29. Re:This is extortion by poity · · Score: 4, Insightful

      Wikileaks: I need guarantees that you will use this information to the benefit of your users rather than the government
      Microsoft: We'll get back to you on that
      Media: Wikileaks isn't helping Microsoft unless demands are met
      Media Consumers: WTF I HATE WIKILEAKS

      --
      your thin skin doesn't make me a troll
    30. Re: This is extortion by AmiMoJo · · Score: 2

      Either way, it's of massive benefit to us.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    31. Re:This is extortion by Anonymous Coward · · Score: 1

      "I'll give you this gun as long as you promise not to shoot me with it"

      From the article, it sounds like that's all they're asking for. If I'm wrong and they're asking for unrelated things, then I totally agree with you and that was actually my first impression upon reading the headline. But in reality it seems like Wikileaks will release information about the exploit as long as vendors promise to fix the exploits rather than allow the government to continue using them to violate our privacy and security. That's fine. That's akin to saying "if I give you this thing to help you, you have to promise not to use it against me"

    32. Re:This is extortion by Lonewolf666 · · Score: 1

      And why is it even necessary to negotiate here?

      This could be sidestepped by telling, not asking the software vendors to fix their stuff within 90 days. Because after 90 days, the vulnerability will be made public. Either they fix their stuff or they can watch their customers' IT being raped :-)

      --
      C - the footgun of programming languages
    33. Re: This is extortion by Entrope · · Score: 1

      You read what I just wrote. I gave that as only one example of a reason that companies would not accept terms from Wikileaks.

      There is also a very big difference between "doing classified work for the government", which I described, and "keeping products buggy because of CIA money", which the apparent Kremlin stooge suggested was the motive. Someone could work on an unclassified system where certain details are classified; for example, a land mine and IED detection system, where the details of how well it works on military vehicles in various conditions are classified, but those classified details are important for improving the system and saving lives.

    34. Re: This is extortion by Entrope · · Score: 1

      How do you suggest that Wikileaks (or the Kremlin) would dump all the information in this archive while withholding the details of the exploits?

      The Kremlin presumably would not have known about all, or perhaps many, of the bugs before the leak. They gain from keeping the bugs open.

      The Kremlin would love to undermine public trust in major US companies, either directly because of security problems, or indirectly by painting them as CIA pawns.

      The Kremlin would love to be able to focus attention on US covert activities to divert attention from all the journalists and opposition politicians it has assassinated.

    35. Re: This is extortion by Entrope · · Score: 1

      Please clarify. Do you mean that keeping the details of exploitable bugs away from the people who can fix them or thwart attacks is a "massive benefit to us"? Do you think that the Kremlin has the best interests of Americans at heart? Does the Kremlin pay you as a propagandist?

    36. Re: This is extortion by AmiMoJo · · Score: 1

      It is of great benefit to know what the exploits are and to know which companies don't want to fix them.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    37. Re: This is extortion by Anubis+IV · · Score: 1

      It's pedantic to constrain my comment to the specific topic I wanted to address? I don't think so. I kept my comment to the exact issue I wanted to discuss. That someone else jumped to a conclusion based on what I said is unsurprising, but I didn't want to dilute my original comment by addressing all angles of this situation. I wanted to make it very clear that I was taking issue with their "two wrongs make a right" mentality.

    38. Re:This is extortion by NatasRevol · · Score: 1

      Oh, boo hoo. Poor wikileaks put itself in a difficult position, then waffles on that position, then gets criticized for waffling.

      Fuck them.

      --
      There are two types of people in the world: Those who crave closure
    39. Re:This is extortion by NatasRevol · · Score: 1

      We can be quite sure Wikileaks isn't asking for anything for themselves for the disclosure (because they never have)

      Your honor, you can be quite sure I never killed that guy, because I never have.

      --
      There are two types of people in the world: Those who crave closure
    40. Re:This is extortion by pabloesgalhardo · · Score: 1

      No, this is not extortion, this forcing multinational conglomerates to comply with perfectly acceptable and decent polities regarding those who in the first and last instance provide them with profit. WE ARE NOT SHEEP

    41. Re:This is extortion by stoatwblr · · Score: 1

      The problem is that time and again when given a deadline to fix, vendors have gone to court to try and prevent the exploits being published.

      The only way to prevent that is to set a deadman switch on the release of data.

      A "don't sue" clause seems prudent.

    42. Re:This is extortion by AutodidactLabrat · · Score: 1

      Wrong.
      You can not "Extort" someone when you merely require him to honor "Fitness for use intended".
      That you have to twist his arm to get him to comply with contract law is a sick note on how little enforcement there is against criminal capitalism.

    43. Re:This is extortion by Anubis+IV · · Score: 1

      Wrong.

      Re-read my comment and you'll see that I constrained it to the moral failing of the previous poster, rather than addressing the broader issue of whether or not this is extortion. If you think I'm wrong in saying that two wrongs don't make a right, I'm happy to discuss the matter further, but with regards to whether this is extortion, I've already said elsewhere that I don't think it is.

    44. Re: This is extortion by Archangel+Michael · · Score: 1

      you made a vague accusation that the Kremlin is influencing WikiLeaks. Do you have any evidence?

      This is the second time I've seen this accusation, and the first time the guy offered no evidence, just that he "was Russian, and knows things". My guess, is that this is all part of the vague "Russians Hacked the US elections" thing, that was exposed as being based on vague accusations ... from the beginning.

      It is actually more likely that it was Seth Rich that gave WikiLeaks at least part of the treasure used to upset the election. And having "Password" as your password ... revealed in a Phishing attack is evidence that said person shouldn't be anywhere near sensitive/secret information.

      So far, vague allegations are all that is needed to upset people with Trump. The fact that he is playing the game back is popcorn worthy material. Nobody gives a shit when the Press lies with its unsubstantiated allegations, but when Trump does it, all hell breaks loose and his is "unhinged"!

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    45. Re: This is extortion by Archangel+Michael · · Score: 1

      The CIA presumably got the hacks from Russians, so that they would want the Russians to take the fall.

      The CIA is actually working with affected companies, and they really can't disclose the vulnerabilities to the public, because they already know about them.

      The CIA would love to undermine the public trust in WikiLeaks, so blaming the Kremlin for everything is logical (cold war mistrust)

      The CIA would love to be able to shift the focus off their hacking skills and put it on the Kremlin.

      OR Perhaps both the Kremlin and the CIA are both pissed at the other exposing them and are using public press to wage a war for the minds of citizens of the world. Meanwhile, I'm pissed that nobody seems to give a shit about doing the right thing, except it appears ... WikiLeaks.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    46. Re:This is extortion by SoftwareArtist · · Score: 1

      Maybe. Or maybe not. If the conditions are such reasonable, industry standard ones, why isn't wikileaks disclosing what they are? Given Assange's history, he has zero credibility in my book. For an organization that's supposedly dedicated to public disclosure, they're awfully fond of keeping things secret. I mean really, they won't tell us what conditions they're asking the companies to agree to? Then I certainly won't assume they're as reasonable as he wants us to think they are.

      --
      "I'm too busy to research this and form an educated opinion, but I do have time to tell everyone my uninformed opinion."
    47. Re:This is extortion by doccus · · Score: 1

      This is extortion. It's one thing to disclose leaked information to expose corruption, which is something good journalists do. However, journalism doesn't involve using leaked information as leverage to make demands. That is called extortion or blackmail. Wikileaks has shown that, at best, it's a criminal organization. I'm dismayed that so many people at Slashdot always rush to defend Wikileaks and Julian Assange in articles like these. It says a lot about the complete lack of character of most of the users on this site, which is also why there is so much tech-related crime. All of you should he ashamed of yourselves.

      Yes, it's true that it is extortion. The question becomes, then, is it ever justified? I think, when you are dealing with either corrupt entities, or entities that pervert the legal system to meet their needs at the expense of the public, it may well BE justified. Nothing is ever set in stone, except for the 10 commandments (whioh is where the saying "set in stone" originated, after all).

    48. Re: This is extortion by Entrope · · Score: 1

      So why does Wikileaks want to keep the bugs secret from the companies that can fix them?

    49. Re: This is extortion by Entrope · · Score: 1

      I didn't make such an accusation (various US security pundits have). I only said it was as plausible an explanation (for Wikileaks making demands in exchange for details about security bugs) as "Wikileaks is stupid enough to think that companies who don't agree to its terms must be in cahoots with the CIA". As I said in a comment elsewhere in this chain, I don't think either explanation is very convincing.

    50. Re:This is extortion by AutodidactLabrat · · Score: 1

      Sorry, posted in the wrong place.

    51. Re: This is extortion by LostMyBeaver · · Score: 1

      https://www.openbible.info/topics/retribution

      Why not search within page there for the word vengeance and see what turns up. You don't get to selectively choose on

      I have read quite a few bibles actually. The topic of vengeance and revenge hidden under the title of retribution is what originally made me adverse to being a member of religion.

      I think the beauty of religion is that we all have our own interpretations of it. I spent 13 years of my life praying to a god that he will come down and take vengeance on my oppressors and enemies. I read those prayers over and over and over year after year. It taught me to hate anyone who was an enemy of my religion... which by further definition meant anyone who was not of my religion because if they were not an enemy of my religion, they would be a member of it.

      I was also taught that everyone everywhere wants to kill me because I was unfortunate enough to have been born a member of my religion. I was taught that in 3800 years we were always the victims of the hateful infidels. And one day, the lord would send us a messiah who would allow us to have our vengeance and seek retribution.

      Visit a Jewish temple sometime on a Saturday and listen to the little children sing the pretty songs in Hebrew... and then read the translations as they sing them. They have no idea what the words mean, but they all love those songs and how special they are that they can sing them. I think you'd be absolutely shocked and horrified by their meanings.

      But I guess you're all knowledgeable about all religions and your interpretation is right. Religion gives us the word retribution as a means of making revenge sound so much sweeter and nicer. It's not revenge if "we're only getting retribution".

      Let me tell you something, retribution is nonsense. We go to war and kill people for retribution. Need proof? Most of the western world hauled ass to Afghanistan to find retribution against people who killed themselves by crashing airplanes into buildings. Do you know how many good and innocent people died in our hunt for retribution? Do you know how many good and innocent people died as the western world went out there with massive weapons and leveled villages and cities? And while we did it, the world leaders stood and declared "God is with us!".

      So, before you make embarrassing statements about how well you understand the bible..

      First rule... there is a lot more than just one bible

      Second rule... the King James Bibles is a highly selective lovey dovey version of the old testament. To be fair, the Torah is a deep, dark and damn near hateful book which makes the darkest parts of Quoran look warm and fuzzy in comparison. Read a proper translation and reference that instead.

      Third... openbible.info is a REALLY REALLY politically correct interpretation. It's practically "fake news". It leaves out most of the really good stuff... especially the stuff about violence and systematic hate.

      That said, I have absolutely nothing against religion. Only against zealots. Both my kids are baptized and my son is being confirmed in September because we want to show respect to our religious family members and their faith and it just doesn't hurt to eat a cookie and have a drink. My son is even attending training for his cookie eating ceremony every week for 6 months.

      In the future, when you jump to the conclusion that someone may in fact have an interpretation of religion other than your own simply because they are uneducated, you might be wrong. It could be that they simply see things differently than you.

  2. Sounds reasonable to me by Anonymous Coward · · Score: 1

    n/t

    1. Re: Sounds reasonable to me by amiga3D · · Score: 2, Insightful

      There are no good guys in this scenario. Wikileaks is so focused on their little crusade for openness that they've adopted the same "the end justifies the means" approach as the CIA and NSA.

    2. Re: Sounds reasonable to me by Anonymous Coward · · Score: 1

      Whenever I see people bash wikileaks for no reason I always under about

      https://en.wikipedia.org/wiki/CIA_influence_on_public_opinion

    3. Re: Sounds reasonable to me by SwashbucklingCowboy · · Score: 1

      This isn't a crusade about openness, this is a crusade to hurt the US. Notice how Wikileaks doesn't leak anything about Russia? Or China? Or ...

    4. Re: Sounds reasonable to me by TellarHK · · Score: 1

      I don't believe WikiLeaks has anything to do with openness anymore. Not since they openly held back and released things during the US election timed specifically to harm a candidate. They're in it for something more now, and the only question is who benefits. It's not any of us, except maybe the remaining Putin shills.

      --
      My own pointless vanity vintage computing page
    5. Re: Sounds reasonable to me by Anonymous Coward · · Score: 1

      Your right, Wikileaks has pro-american agenda. They want Russia and China to be shit countries and not fix their problems, but they allow USA fix their problems, by revealing problems. USA is lucky to have such a friend.

    6. Re: Sounds reasonable to me by morkk · · Score: 1

      Have you bothered to consider that maybe they don't get leaks from Russia or China? Nothing leaked - nothing to publish.

    7. Re: Sounds reasonable to me by morkk · · Score: 1

      >Not since they openly held back and released things during the US election timed specifically to harm a candidate.

      You actually know this or just repeating an alternative fact you read somewhere?

    8. Re: Sounds reasonable to me by Imrik · · Score: 2

      The point is that it doesn't matter what the ends are if the means are the problem.

    9. Re: Sounds reasonable to me by amiga3D · · Score: 1

      But withholding info on vulnerabilities is not an ethical position. I'm not really bashing them though, just pointing out that they've made the same mistake the CIA has made. They've so focused on their goals that they've abandoned the high road.

    10. Re: Sounds reasonable to me by amiga3D · · Score: 1

      I really don't blame the CIA. They're spies and spies spy. It's what they do. The problem is they're not kept on a short leash lately and have been allowed to hunt on their own. The people that oversee them are to blame I believe. They can call them to heel anytime they get ready to if it suited them.

    11. Re: Sounds reasonable to me by tinkerton · · Score: 1

      I would fully agree though the main issue with the CIA is keeping them on a short leash. But if you think the problem is recent, this offers a better starting date : https://mises.org/blog/truman-...
      What the latest leak shows is that the CIA is diversifying more , increasing their reach, making them more independent. They don't have to ask the NSA for help, they've got their own departments. That is all about increasing power.

    12. Re: Sounds reasonable to me by meta-monkey · · Score: 1

      But withholding info on vulnerabilities is not an ethical position.

      It depends on the circumstances, doesn't it? If you release a vulnerability that the vendor has no intention of fixing and people can't fix themselves, you just made it known to more bad guys and put more people at risk. And if you don't play the media right then no one pays any attention so you may not even get public pressure on the vendor to fix their shit.

      I agree that WikiLeaks acts in the interests of WikiLeaks, but I don't think there's a one size fits all rule for the ethics of vulnerability disclosure.

      --
      We don't have a state-run media we have a media-run state.
    13. Re: Sounds reasonable to me by meta-monkey · · Score: 1

      Is there any evidence WikiLeaks has received Russian or Chinese leaks and then not published them? WikiLeaks is not the only game in town. If Russians or Chinese were sending info to WikiLeaks that they were sitting on because WikiLeaks is somehow pro-Russia or pro-China, then those leakers would send the info to the NY Times (or self-publish somewhere) along with the bombshell that WikiLeaks refuses to publish their shit.

      Hmmm. You know, SwashbucklingCowboy hasn't released any dirt on Russia or China either. Just who are you working for, SwashbucklingCowboy?!?

      --
      We don't have a state-run media we have a media-run state.
  3. European companies prioritize their customers? by Anonymous Coward · · Score: 1

    I was not aware that prioritizing customers over government contracts was a practice that only European companies were capable of. Doesn't having government contracts mean that the government is your customer? How exactly is that supposed to work? Maybe Assange meant to say "may prefer organizations such as Mozilla or European companies that prioritize their users over United States government contracts."

  4. This just in by 93+Escort+Wagon · · Score: 2, Insightful

    Assange fighting to stay relevant by any means possible. News at 11.

    --
    #DeleteChrome
    1. Re:This just in by bug1 · · Score: 4, Insightful

      More news is coming in;

      Person complains that a small group of freedom fighters arent fighting hard enough to protect their interests, suggests they should try harder.

      They further complain about having to get out of bed, suggesting someone else should do it for them.

    2. Re:This just in by Anonymous Coward · · Score: 4, Insightful

      Wait, are you saying Assange is a freedom fighter?

      So why is he in bed with authoritarians like Putin, Farage, and has engaged in mutual praise with Trump? Even if you believe there's no official connection then Assange is a regular on Russia's state propaganda channel RT, has met up with Farage in the Ecuadorian embassy:

      https://www.rt.com/tags/the-ju...

      https://www.theguardian.com/co...

      You have a funny definition of freedom if it means support and praise of people who back things like elimination of civil liberties, strict control of speech, elimination of equality, and convergence towards dictatorship.

      Assange is the last person I'd want fighting for my freedom, because he doesn't believe in freedom, he believes in absolute rule by only those who he personally agrees with and is trying to support that using Wikileaks.

    3. Re:This just in by orzetto · · Score: 3, Interesting

      You have a funny definition of freedom if it means support and praise of people who back things like elimination of civil liberties, strict control of speech, elimination of equality, and convergence towards dictatorship.

      You have a funny definition of freedom yourself if you think that it means developing and collecting techniques to use your personal electronics as spies for the government. Whatever Assange's relation to the Kremlin may be: on this specific issue they are fighting for your and my freedom with much more impact than any soldier ever had in the past 70 years.

      Assange [...] doesn't believe in freedom, he believes in absolute rule by only those who he personally agrees with [...]

      According to a 2011 interview with Forbes, Assange is some sort of libertarian. Now I tend more to what is called socialist in the US, and believe little in trickle-down economy and market shenanigans, but you are describing a fascist, which Assange has never given any reason to believe he is. On the other hand, the people who "believe in absolute rule" are also those who collect and use the hacking tricks used by the CIA. So what kind of fascist would ever disarm the brown shirts?

      --
      Victims of 9/11: <3000. Traffic in the US: >30,000/y
    4. Re:This just in by tietokone-olmi · · Score: 1

      Anything that anyone does can be dismissed in this way.

  5. I wonder how many of these 0-days are really new by dcavanaugh · · Score: 2

    For all we know, the CIA might have written deliberate vulnerabilities to be patched into production code. Either that, or maybe they bullied software companies into ignoring certain vulnerabilities that would otherwise be fixed. Considering how many tech companies have been enlisted by big-government and how many cover stories have been busted, nothing can surprise me anymore.

  6. Why Aren't the Terms Public? by Anonymous Coward · · Score: 1

    What the hell?
    Why doesn't wikileaks publish the terms for everyone to see?
    Are they waiting for someone to leak them?
    Seems really hypocritical of them.

  7. After firing most of their QA team, Microsoft... by Anonymous Coward · · Score: 5, Informative

    simply can't commit to timelines. Most of my friends that worked there have either been laid off or quit due to ridiculous hours or vacation inequality, so their best programmers are no longer there. They simply can't fix problems in a timely manner any longer.

  8. Re:I wonder how many of these 0-days are really ne by tinkerton · · Score: 1

    I see it this way. A vulnerability is found and an exploit is written. As time passes several things happen. The exploit gets distributed because of outsourcing and after a while there really are a lot of people who know about it. Other people also find out about the vulnerability. Some day software maker finds out and the bug is no longer zero day but the exploit will still work on unpatched systems so it sticks around until something much better replaces it.

    As for the software company itself,I suspect most companies just take it as it comes. If they find out about a zero day bug they fix it and the CIA keeps silent. For some critical companies it may be different and the CIA may try to negotiate something, claiming nobody else will find out, or making an offer one cannot refuse. But knowing about a bug and not fixing it is complicated. It's not something you want people to find out and chances are they will. Knowing there is a bug but not investing in finding out is a bit easier. One only has limited resources.

  9. Re:Wikileaks BAAD; CIA Goooood! by belthize · · Score: 5, Insightful

    The world will make a lot more sense when you realize it's possible for both sides to be bad. Comparative ethics is not a zero sum game.

    Wikileaks' intent to provide an outlet for whistle blowers to uncover corruption in various governments and and corporations had a lot of merit. Unfortunately the very model of "we don't care where it came from, we just post it" is its undoing. It didn't take long for governments to figure out if you can destroy it, use it.

    They thought they could turn over the chess board, but they're just another pawn.

  10. Fuck Wikileaks by DogDude · · Score: 4, Interesting

    Fuck Wikileaks. I initially supported what they were trying to do, but they've proven to be complete assholes.

    --
    I don't respond to AC's.
    1. Re:Fuck Wikileaks by drinkypoo · · Score: 4, Insightful

      You might as well complain that the firefighters were assholes while they saved your house

      If the firefighters are refusing to save my house from burning unless I commit to rebuilding it out of nonflammable materials within ninety days, then they are assholes.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re: Fuck Wikileaks by drinkypoo · · Score: 1

      I don't know? Maybe try building your house out of something other than flash paper and strike anywhere matches?

      I would like to see the code demand nonflammable materials. I'm actually a renter, but I live in a wooden house in wildfire country. They have a hard-on for controlled burns around here but there have still been a couple of close calls. Whee! I want to build something out of stacked shipping containers (stacked in the orientation in which they are designed to be stacked, but with spacers) for a combination of seismic stability and fire resistance, to say nothing of material re-use.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:Fuck Wikileaks by TechnoJoe · · Score: 1

      If the government is refusing to cut you a check for your flooded-out home unless you commit to rebuilding it further away from the flood zone, they are being perfectly reasonable.

    4. Re:Fuck Wikileaks by drinkypoo · · Score: 1

      If the government is refusing to cut you a check for your flooded-out home unless you commit to rebuilding it further away from the flood zone, they are being perfectly reasonable.

      Yes, that would be great, but unfortunately that's not what they do. Instead, they just try to make it hard for you to get a check no matter what, but then they don't put any restrictions on where you can spend it and then people rebuild on the same floodplain all over again.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  11. Re:Wikileaks BAAD; CIA Goooood! by tinkerton · · Score: 4, Interesting

    I don't expect Wikileaks to be saintly and I think it's not necessary for them to be above all criticism in order to be valuable. Checks and balances are important because there is no good guy that you can trust with too much power. And Wikileaks both has value in it, and is one of the guys you can't trust with too much power.

    That doesn't mean I believe the criticism about Wikileaks. That's just a giant and very successful FUD campaign.
    For instance I disagree that they're being manipulated by Russia, there is no proof for it so why believe the claim?
    The article above is just part of it. Wikileaks is asking the companies to sign something. That must be bad! Just look at all the posts on here. No, that doesn't have to be bad. It can be about wikileaks being paranoid about their action being used against them somehow. It can be about requiring the company to commit to actually fixing the bug within a certain period.It could be a mediocre decision by Wikileaks. That would still not be reason to make a big fuss about it.

  12. How to Google? by Anonymous Coward · · Score: 4, Informative

    https://it.slashdot.org/story/16/12/13/053243/pwc-sends-legal-threats-to-researchers-who-found-critical-security-flaw
    https://it.slashdot.org/story/11/10/14/2129228/security-researcher-threatened-with-vulnerability-repair-bill
    https://yro.slashdot.org/story/05/01/11/0129228/security-researcher-faces-jail-for-finding-bugs
    https://it.slashdot.org/story/15/05/05/2335223/cyberlock-lawyers-threaten-security-researcher-over-vulnerability-disclosure

    Seriously, man, it took me like 4 seconds to type "security researcher sued site:slashdot.org" into Google.

    1. Re: How to Google? by Entrope · · Score: 1

      Exactly one of those was a software company, and that company was European and pretty insignificant. That doesn't excuse keeping the details from the major vendors that most people care about.

    2. Re:How to Google? by SwashbucklingCowboy · · Score: 1

      Yeah, a few companies have threatened to sue. The Clinton campaign didn't sue Wikileaks. The US hasn't sued them, but Microsoft or Google will? Seriously, get a clue.

    3. Re:How to Google? by zedaroca · · Score: 2

      Read about Weev. He was sued and got jail time. He didn't even publish the flaw itself, just gave proof it existed to journalists. This would be much more serious.
      On getting a clue, the Wikileaks "secret" indictment is common knowledge. Everybody knew about it for years when Google informed some people about the seizure of their emails because of that investigation. US officials routinely reply to questions about Wikileaks saying they can't discuss it because of an ongoing investigation. Assange is not attainable now, there is no reason to bring the charges against him, this doesn't mean they will not be sued. After all, they are not Clinton.

    4. Re: How to Google? by stoatwblr · · Score: 1

      Plenty of large software companies have done it, some have been american and some have been _very_ large. I'm aware of a couple of cases where a superinjunction was sought (and granted) - a superinjunction means that you can't even drop hints that there's a court case.

      Personal opinion: Given the exploits are in use by greyhats (spy agencies), then blackhats probably have them anyway and rapid disclosure is the prudent path so that whitehats can man the barricades.

      MS and others used to be notorious for not fixing bugs in a timely manner.

    5. Re: How to Google? by Entrope · · Score: 1

      My cousin's best friend's college roommate's neighbor has an Internet GED in law, and she said that this has never _ever_ happened. So I'm going to just have to not take your utterly unsubstantiated word for it.

  13. Re:Wikileaks BAAD; CIA Goooood! by tinkerton · · Score: 1

    You can't blame people for being gullible either. What you're saying is what wikileaks is guilty of something until proven otherwise. That what they're doing is very suspicious because they're obviously bad guys. Wikileaks is communicating with many companies. Some of them collaborate with governments and deliberately leave security gaps open. It's a tricky environment to work in and there will be lawyers involved all the time. You can just as well say that if Wikileaks is doing something nasty some of the companies will expose the communication.

  14. Re:Sum it up already... by Anonymous Coward · · Score: 2, Funny

    3&4 letter agencies

    NAMBLA is six letters.

  15. Re:I wonder how many of these 0-days are really ne by AHuxley · · Score: 1

    A few 100 to 10's per year per product cycle? It depends on the average price and the clandestine budget for buying on the open market per year.
    Say a budget range for a good exclusive deal per zero day for a new OS or device in the 100 of apps/code/access products?
    Thats the positive side that still looks corporate. Its hard to tell who is buying in the mix of buyers globally.
    A flood of gov/mil cash in the wild would stand out even with a lot of US/UK front companies every y ear doing the malware buying.
    The negative side ensuring no US or UK brand has the skills to find the issue and fix the issue days or months later.
    If the security services buy too much in the wild, too many people start to notice and others want that payment or try to follow the payment front.
    Other teams then start looking for the funding and find payment methods, staging servers. So the numbers are kept low per year to hide the mil/gov origins.
    Also to avoid the better AV efforts and other security professionals from reading chat about too many big new cash payments.
    Some are networked, some need a human to place the malware and collect the results.
    A lot of different products are needed but too much and its detected by a wider community interested in every aspect of computer security.

    --
    Domestic spying is now "Benign Information Gathering"
  16. Re:Wikileaks BAAD; CIA Goooood! by belthize · · Score: 4, Interesting

    If they're not they will be. It's bloody trivial for a government to gather damning info on another country, leak it to wikileaks and wait for them to get all the flak.

    I never brought up Russia though I understand why you'd assume I was talking about them. The US, Russia, China, literally any country or any organization can selectively leak info on competitors if they haven't figured out they can do this (and I'm sure they have) then they will.

    It's trivial to manipulate Wikileaks by only leaking the narrative you want told.

  17. Re:Wikileaks BAAD; CIA Goooood! by tinkerton · · Score: 1

    I did indeed assume you were thinking of Russia.
    It's not trivial to fool Wikileaks, but it's likely that it will happen to some extent(as in being fooled by the source but not by the data). Wikileaks is good at protecting the source but I'm not sure why someone who can defend himself wants to pass through wikileaks if the info is valid. Will it make a big difference compared to publishing through another channel?

    The main worry of Wikileaks is that they get fed bad info in order to damage their credibility. There surely will be attempts at that. As they get strained more under the constant siege it is possible they may start making serious mistakes and errors of judgements. That's a plausible outcome. But then they're publishing false info and then it's likely others find out.

  18. Re:Of course it's easy for Mozilla... by higuita · · Score: 1

    what?!

    so we have:
    - one company that cares about the users and patch a security bug as fast as it can.
    - another that knows about a hole, but as it being used by some security agency, they do nothing for months, so that those agencies can still exploit the bugs (and who knows who else is also abusing the holes) until the agency have another zero day hole and the company can finally fix that bug, while still keeping other bugs "open"

    Security fixes delays is not about "regressions", is about how companies work, how important security is for them and the real interest in fixing the problems.

    The are bugs that are hard to fix and may create regressions, but most of then are simple missing checks or bad code that be fixed in a few days. half a year delay like MS sometimes do are other problems...

    --
    Higuita
  19. Re:This is extortion: nope! by higuita · · Score: 1

    Nope, this is not extortion nor blackmail, it is really trying to get a fix quickly and not letting companies screw their costumers, either by being lazy or by security agencies pressure

    If a company gets the bug report and then do not do anything for one year, what wikileaks can do ? release the info before the fix or wait more? either way, it is already too much time for a security bug that is being abused and in the end the info will be public with no one protected and in the end, it will always be wikileaks fault.

    better way is to agree the terms of the disclosure, putting hard limits for the fixes timelines. This pressures the company to follow the agreed timeline and release a fix. If they fulfill, everyone wins, if they fail, wikileaks can pressure for the update and depending of the reason for the delay, they can release the info without patch and report that the company failed with the agreement. this proves that wikileaks tried to follow the rules and the fault for the problem is the company.

    I think this is totally logic, MS, Oracle and many other companies do not care about security or take way too long to release fixes... as as the article hints, security agencies can pressure to keep the holes open. With a agreement, everyone knows what will happen and the end user will win. Without any agreement, just sending the info to the companies, those bugs could be open for months, being exploit by unknowns and everyone losed.

    Just check the security reports, most of then are fixed in a few days, so asking for a date limit is a good thing... as you also find security fixes that took way to long to be fixed

    --
    Higuita
  20. Re:Of course it's easy for Mozilla... by Dahamma · · Score: 1

    The real question is, if Mozilla has "already received" this information, why would they not share it with the other browser developers in the name of security?

    Is one of Wikileaks' terms that they not disclose "secret information"? That would be pretty fucking hypocritical...

  21. Re:Wikileaks BAAD; CIA Goooood! by BlueStrat · · Score: 1

    And if there is a value in keeping them secret, then explain what the value is so randos on the internet don't have make up rationalizations for you.

    I'll keep this simple.

    An entity (WL, a security researcher, whatever) discovers major unpatched mainstream software/OS vulnerabilities. Should the entity simply release the details publicly and let the bad actors have a field day while the software makers scramble to push out a fix before more damage is done, or would it be more responsible to first try to get the software/OS makers to committing to patching the vulnerabilities before releasing the details publicly?

    Seeing as this behavior (attempting to avoid damage from publicly releasing the vulnerability details before they're patched) regarding the WL proposed release aligns fairly closely with responsible vulnerability disclosure practices among network security experts, Occam's Razor would suggest this is the more likely explanation.

    Don't pay attention to the flood of government psy-op posts. It's pretty well become SOP for any article involving news/data critical of and/or exposing overreaching US intelligence.

    Strat

    --
    Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  22. The least evil organization has already agreed to by itsphilip · · Score: 2

    It's clear that the terms aren't unreasonable and likely for the common good if the only not-for-profit (Mozilla) has already agreed to the conditions

  23. Re:Wikileaks BAAD; CIA Goooood! by BlueStrat · · Score: 1

    If it is "industry standard" then why won't they publish it?

    Reading comprehension, much?

    From my post:

    Seeing as this behavior (attempting to avoid damage from publicly releasing the vulnerability details before they're patched) regarding the WL proposed release aligns fairly closely with responsible vulnerability disclosure practices among network security experts...

    *Not* releasing the vulnerabilities straight away without at least a good-faith attempt to allow those who can patch the vulnerabilities the opportunity to take action before the vulnerabilities are released is the standard.

    Try reading *all* the way through a post you want to respond to. It will save you further embarrassment in the future.

    Oh jesus, I feel like I am trapped in the middle of a fight between dueling conspiracy fantasists.

    The old restrictions against US government use of propaganda domestically against US citizens no longer exists. That US TLAs use shills and sockpuppets on various social media platforms and forums is old news.

    Strat

    --
    Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  24. Re: Of course it's easy for Mozilla... by Desler · · Score: 1

    So that's why its marketshare is only in teens?

  25. Is receiving information a crime? by manu0601 · · Score: 1, Interesting

    We talk about leaked classified material that remains classified. Does it qualify as a federal crime to accept it?

    1. Re:Is receiving information a crime? by cwsumner · · Score: 1

      In many countries, including the US, it is a crime to accept classified information that you are not cleared for.

      If you don't like it, talk to your congressperson.

  26. This makes me happy by Anonymous Coward · · Score: 1

    A deadline is very necessary in order to prevent circumvention of fixes. Example, it took Google until December of 2016 to release Dirty Cow fixes for Android users. Why? Because a vulnerability patch by intelligence viewpoint means loosing a tool. Just a theory, but I blame the election and wanting to monitor voter chatter. A deadline prevents things like this. Also, for companies that act like they love open source so much, they shouldn't have any trouble caring about their users over profits or have an issue with vulnerabilities and proposed fixes being publicly posted. People that see this as extortion may be for a shock when experienced and responsible programmers look at the vulnerabilities and realize that they may be intentional, either for personal stats gathering or government back scratching.

  27. Re:Of course it's easy for Mozilla... by Imrik · · Score: 1

    Why would Mozilla tell other browser developers about problems with Mozilla?

  28. Re: Of course it's easy for Mozilla... by Imrik · · Score: 2

    There's a good chance you could count Firefox's market share percentage using the fingers on one hand.

    That's hardly surprising, I can count to nearly a 1/3 market share with the fingers on one hand.

  29. Re: Of course it's easy for Mozilla... by stooo · · Score: 1

    Did it hurt ? Did you lose some fingers? Try with the other hand, you'll get more finger marketshare !
    For me, the fingers on one hand have 50% market share over all my fingers, regardless of which hand i use.

    --
    aaaaaaa
  30. What. by stooo · · Score: 2

    What ?
    Revealing security flaws in a responsible manner is extorsion ?

    --
    aaaaaaa
  31. Re:This is extortion: nope! by tinkerton · · Score: 1

    I think this is totally logic, MS, Oracle and many other companies do not care about security or take way too long to release fixes...

    Actually it is quite possible to be critical about Wikileaks having demands. In principle at least. In practice Wikileaks is being smeared and attacked all day long and if they do not correspond to the highest standards they are regarded as evil. That is not realistic,Wikileaks can be very valuable even if it is very flawed. There are plenty of flaws around with the other players as well but for some reason other standards apply there.
    What I would regard as sensible critique is that Wikileaks should try and stick to its core task: being the first step for whistleblowers to reach the public. They should try to limit their responsibility to that. To the extent possible they should avoid publishing themselves. It can be a plan B, but plan A, passing through journalism, should not be dropped even if it is problematic . They can release bugs to companies but don't necessarily have to take on responsibility for the bugs being fixed. So I think Assange is overstretching there. But that doesn't make him bad. It's more a disagreement about strategy.

  32. Why secret? by CanEHdian · · Score: 3, Interesting

    Anyone able to explain why these agreements/demands are SECRET? There should be ("industry standard"?) nothing stopping WL from publishing them. In the interest of transparancy.

    --
    When the copyright term is "forever minus a day", live every day like it's the last.
    1. Re:Why secret? by TechnoJoe · · Score: 1

      You have a point. Someone should send those secret demands to WikiLeaks. They'll get the info out. Oh wait...

  33. Re: After firing most of their QA team, Microsoft. by drinkypoo · · Score: 3, Interesting

    Heard this lie before from you dude. Why are you trying so hard?

    Well, who do you think Microsoft is firing?

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  34. Re:Wikileaks BAAD; CIA Goooood! by JasterBobaMereel · · Score: 1

    ...and Governments/People have now realised that Wikileaks will publish anything they are given no questions on sources asked, as long as they can verify it is real ...and Governments have huge resources to make things look genuine

     

    --
    Puteulanus fenestra mortis
  35. Re:Wikileaks BAAD; CIA Goooood! by Yunzil · · Score: 1

    For instance I disagree that they're being manipulated by Russia, there is no proof for it so why believe the claim?

    You're joking, right?

  36. Prefer European companies, eh? by tietokone-olmi · · Score: 1

    Or anyway those who don't have a simplistic, easily-probed agreement or other conflict of interest with classified U.S. three-letter agencies. This criteria changes exactly nothing.

    Beware the false prophets. Ineffective activism is exactly equivalent to doing nothing at all.

  37. WikiLeaks acting childish? Astonishing. by michael_wojcik · · Score: 1

    The WikiLeakies need to grow up. John Young may be a class-A curmudgeon (I've been on the wrong side of his disgruntlement myself), but Cryptome has been doing this since long before Assange was a gleam in the media's eye, and behaving like a site run by adults in the process.

    There are far too many self-important glory-hounds associated with WikiLeaks (starting, of course, with the Fugitive himself). The organization has certainly done good in disclosing some important materials, but is all too easily distracted from its ostensible core mission.

    Withholding 0-days from vendors is bad, regardless of whether it's the CIA or WikiLeaks that does it.

  38. Re:Wikileaks BAAD; CIA Goooood! by cwsumner · · Score: 1

    ... Strat

    We appreciate you contribution to the discussion, but please don't feed the trolls. It only clutters up the thread. ;-)

  39. Bullshit by Rujiel · · Score: 1

    Wikileaks isn't obligated to fix your 0days for you. If you don't want the help, just do it yourself.

  40. Re:Of course it's easy for Mozilla... by Dahamma · · Score: 1

    Because it's open source?

  41. Re:Of course it's easy for Mozilla... by Dahamma · · Score: 1

    How do you know? It's entirely possible that the same vulnerabilities exist in different software doing very similar things. How do you know it's in the rendering engine and not one of the common libraries they use, etc? You don't, because no one has made the exploits available to you.

  42. Re:This is extortion: nope! by higuita · · Score: 1

    AFAIK, that info is a rumor, probably spread to make wikileaks look bad

    yes, they released docs with names, they said they should have been more careful, but i never saw any real news about that money, only random forum posts

    --
    Higuita