Assange chastises companies that haven't responded to CIA vulnerability offers
Posted 3/20/17
This is why open source is the way to go. These closed source companies don't even care about security even when severe holes and how they are exploited are given to them on a silver platter. Or perhaps they were paid off to keep the holes.

http://thehill.com/policy/cybersecurity/324749-assange-chastises-companies-who-havent-responded-to-cia-vulnerability

WikiLeaks head Julian Assange is slamming companies for not taking the site up on its offer to share security flaws the CIA exploited in their products.

In a screen-shot statement tweeted on Saturday, WikiLeaks noted that "Organizations such as Mozilla" have responded to the site's emails offering to publish unreleased security vulnerabilities from leaked CIA files. "Google and other companies" have not.

"Most of these lagging companies have conflicts of interest due to their classified work with US government agencies. In practice such associations limit industry staff with US security clearances from fixing holes based on leaked information from the CIA. Should such companies choose to not secure their users against CIA or NSA attacks users may prefer organizations such as Mozilla or European companies that prioritize their users over government contracts," the statement read.

WikiLeaks recently published a trove of files leaked from the CIA, including descriptions of hacking techniques. The site made an effort to redact source code showing how to actually accomplish the techniques, although enough code slipped through the cracks for researchers to reverse engineer at least one of the security flaws.

On Friday, Cisco announced it was patching a vulnerability found in the files.

Experts have questioned whether the government would crack down on companies that took WikiLeaks up on their offer.

Assange's statement also dismissed media reports that companies pushed back against a time limit to fix vulnerabilities shared over emails, saying firms gave no response whatsoever to emails offering information.

Many researchers that hunt for unknown security flaws — including Google's research arm — give a time limit to repair vulnerabilities before releasing them to the public. It is seen as a way to encourage prompt responses to threats. Some vendors, particularly during years cybersecurity was not taken seriously, have chosen not to fix problems sent their way.




WikiLeaks main page on this: https://wikileaks.org/ciav7p1/
Posted 3/21/17
Well let's be honest, Google didn't give a fuck about privacy until it became good PR. Like Microsoft they'd gladly sell you out to the Feds or anyone rich enough to pay for information.
Posted 3/21/17

MysticGon wrote:

Well let's be honest, Google didn't give a fuck about privacy until it became good PR. Like Microsoft they'd gladly sell you out to the Feds or anyone rich enough to pay for information.


No joke.
Posted 3/21/17, edited 3/21/17

Rujikin wrote:
This is why open source is the way to go. These closed source companies don't even care about security even when severe holes and how they are exploited are given to them on a silver platter. Or perhaps they were paid off to keep the holes.



Rujikin wrote:
Experts have questioned whether the government would crack down on companies that took WikiLeaks up on their offer.


I like that your own post answers your question. >.>

Regardless of content, the CIA documents are still technically classified material. Accepting and working on classified material from WikiLeaks is legally thorny for companies that have any government contracts. There's some legal asses that need to be covered first before they do anything here. Normally, such a thing probably wouldn't be prosecuted since it'd be a PR nightmare for the government. But Trump and Co are not averse to PR nightmares and have a hard-on for leaks. So who the hell knows.

It doesn't help that Assange is a political pariah ass deep in serious questions about himself and Russia.

Posted 3/21/17
But the internet told me he was assassinated...