Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] In his own words: Confessions of a cyber warrior

Andy Isaacson adi at hexapodia.org
Thu Jul 11 14:43:46 PDT 2013


On Wed, Jul 10, 2013 at 08:00:03PM -0400, Tom Ritter wrote:
> On 10 July 2013 09:43, Jacob Appelbaum <jacob at appelbaum.net> wrote:
> > Andreas Bader:
> > > Tens of thousands zero-days; that sounds like totally shit. That
> > > guy seems to be a script kiddie poser, nothing more.
> > > Are there any real "hackers" that can issue a competent statement
> > > to that?
> >
> > I couldn't disagree more. This sounds consistent with the current arms
> > race and also relates directly to the 0day markets that have been active
> > for many many years. Remember though: buying 0day bugs or exploits for
> > 0day is just one part of a much larger picture.
> 
> I cautiously disagree with Andreas also, but from a different angle.
> I don't have any insider knowledge obviously.  But if the tens of
> thousands figure included 'soft targets':
>  - OEM Software like printer drivers, graphics drivers, or the
> preinstalled crud you get when you buy something from Best Buy

Much more importantly, commercial software deployed in vertical markets.
The "secure" notes application that a psychiatrist uses to track their
clients.  Document management for military and energy system engineering
designs.  Database systems.  NFS and SAN management tools.  Chemical
plant management systems (Stuxnet!).  FedEx's outsourced logistics
products.

There are probably 10,000 interesting *applications*.  (There are
certainly 2,000 interesting apps.)  If the cyber war fighters don't have
at least one 0day per app, they're not doing their job (as it's been
tasked to them by their chain of command... I disagree with that tasking
and the justifications behind it, but look at the situation from the
colonels on down.)

-andy



More information about the liberationtech mailing list