HackerTrans
TopNewTrendsCommentsPastAskShowJobs

notactuallyben

no profile record

Submissions

Binary Ninja 5.0 – Gallifrey released

binary.ninja
4 points·by notactuallyben·vorig jaar·0 comments

comments

notactuallyben
·2 jaar geleden·discuss
Vulnerabilities in the Linux kernel would have a similar impact to a macOS kernel bug. It’s a myth that “more eyes means more secure” for OSS ;-) - it can be true, but often that’s not the reason
notactuallyben
·2 jaar geleden·discuss
Yep, I don't think there's any disagreement with that, especially when you look at things like Tianfu cup in general. Any country that can, essentially wants to do offensive cyber.
notactuallyben
·2 jaar geleden·discuss
Are you suggesting that western exploit sellers are selling bugs to western governments and also BRICS? that sounds not very likely.

All of this stuff is very complicated ethically, but I don't think you can simply say that it is always in the public good to expose bugs (stuxnet is a good example of a bug chain avoiding a far deadlier outcome)..

I've personally worked for vendors of software and done offensive research, and now I do neither.
notactuallyben
·2 jaar geleden·discuss
It's not true anymore due to the new generation of hackers that came up, and it's unpolite to dox them if they don't want to be known for it, but for a period, about a third of Google Chrome/Project Zero security all came from ex Western govts (or contractors) - you can find vague mentions on dailydave mailing list about this.
notactuallyben
·2 jaar geleden·discuss
also TAG and other Google security people hired from former Western sigint :)
notactuallyben
·2 jaar geleden·discuss
firstly, very unlikely that zerodium are supplying bugs they use (could be internally developed, or developed by a more trusted domestic defence contractor).

What about if the targets are like Osama Bin Laden's (* INSERT MORE MODERN TERRORIST) family (I have no idea who they are targeting).

Are you meant to have some dude speak arabic and become close friends with the top terorist leaders? Like how do you propose that even work? Would HUMINT actually work in those cases?

I think it's a nice idea for everyone to work on fixing the vulnerabilities, I don't think that will scale with whatever organisations mandate to stop terrorism or whatever.
notactuallyben
·2 jaar geleden·discuss
Interesting blog post that was long overdue, I think Google should probably disclose all the details (URLs/actors responsible, methodology for catching these exploits ITW and targeting) around the ITW samples when they kill the bugs, so we can have nuanced discussion with actual facts. It would also help the threat intelligence industry ;)
notactuallyben
·2 jaar geleden·discuss
while beg bounty people can be annoying, you have to remember that people aren't obligated to sit down and find free bugs for any company (especially not a big one) - why would i sit down and look at some code for free for some giant corp when i could go to the beach instead?