[Wikimedia-l] law enforcement buying vulnerabilities on black market & leaving them unreported for surveillance

Seb35 seb35wikipedia at gmail.com
Tue Aug 20 11:49:33 UTC 2013


I agree with JP Béland: computer security obviously affects the
Wikimedia users, but imho we shouldn’t do more than we can, and should leave the
responsibility for their own security to the users -- although we should
contribute to decent security.

For the specific topic you brought up about 0-days, I’m not personally
surprised; this type of market was revealed some time ago, see for
instance
<http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/>.

~ Seb35


On Tue, 20 Aug 2013 07:30:09 +0200, JP Béland <lebo.beland at gmail.com>
wrote:
> I'm not sure what your point is here. How exactly are readers of Wikimedia
> projects at risk here because of that story? Are you trying to say it
> is the Foundation's responsibility to protect the readers from the
> vulnerabilities of their operating systems?
>
> JP Béland
>
>
>
> 2013/8/19 James Salsman <jsalsman at gmail.com>
>
>> While the trickling release of Edward Snowden's revelations from bad to
>> worse in weekly incremental steps has been enormously effective in swaying
>> public opinion, it has made formulating a meaningful response very
>> difficult.
>>
>> A few weeks ago we learned that the FBI has been purchasing personal
>> computer operating system vulnerabilities from gray and black-hat hackers
>> on the black market, often for several tens of thousands of dollars each,
>> and leaving them unreported and thereby unpatched for use in future
>> surveillance operations:
>> http://blogs.wsj.com/digits/2013/08/01/how-the-fbi-hacks-criminal-suspects/
>>
>> Unfortunately, this means that the vulnerabilities remain available to the
>> criminal computer crime underground, affecting everyone including
>> Foundation project readers and contributors alike.
>>
>> Very recently a well respected group of researchers characterized this
>> state of affairs as "preferable" to the complexity of additional
>> surveillance network and systems infrastructure:
>> http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2312107
>>
>> This is a false dichotomy which directly places Foundation project readers
>> and editors at risk, but does so along with virtually everyone else who
>> uses personal computer or smartphone equipment. However, I think it is an
>> important aspect to address because none of the other recent eavesdropping
>> revelations put people at risk to organized computer crime, blackmail, and
>> extortion in the same way.
>>
>> Is there any reason to exclude action on a particular issue just because it
>> affects everyone else along with our users?
>> _______________________________________________
>> Wikimedia-l mailing list
>> Wikimedia-l at lists.wikimedia.org
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> <mailto:wikimedia-l-request at lists.wikimedia.org?subject=unsubscribe>


