On Wed, Jul 10, 2013 at 08:00:03PM -0400, Tom Ritter wrote:
> On 10 July 2013 09:43, Jacob Appelbaum <ja...@appelbaum.net> wrote:
> > Andreas Bader:
> > > Tens of thousands of zero-days; that sounds like total shit. That
> > > guy seems to be a script kiddie poser, nothing more.
> > > Are there any real "hackers" that can issue a competent statement
> > > to that?
> >
> > I couldn't disagree more. This sounds consistent with the current arms
> > race and also relates directly to the 0day markets that have been active
> > for many, many years. Remember though: buying 0day bugs or exploits for
> > 0day is just one part of a much larger picture.
> 
> I cautiously disagree with Andreas also, but from a different angle.
> I don't have any insider knowledge obviously.  But if the tens of
> thousands figure included 'soft targets':
>  - OEM Software like printer drivers, graphics drivers, or the
> preinstalled crud you get when you buy something from Best Buy

Much more importantly, commercial software deployed in vertical markets.
The "secure" notes application that a psychiatrist uses to track their
clients.  Document management for military and energy system engineering
designs.  Database systems.  NFS and SAN management tools.  Chemical
plant management systems (Stuxnet!).  FedEx's outsourced logistics
products.

There are probably 10,000 interesting *applications*.  (There are
certainly 2,000 interesting apps.)  If the cyber war fighters don't have
at least one 0day per app, they're not doing their job (as it's been
tasked to them by their chain of command... I disagree with that tasking
and the justifications behind it, but look at the situation from the
colonels on down.)

-andy