Thursday, August 18, 2016

The Shadow Brokers Mess Is What Happens When the NSA Hoards Zero-Days | WIRED

Also see NSA’s use of software flaws to hack foreign targets posed risks to cybersecurity (The Washington Post)
"A Cisco spokesperson confirmed that the NSA hadn’t previously reported the vulnerability the company is now patching. Given that the data stolen by Shadow Brokers appears to be three years old, that could mean the NSA may have used the hacking technique in secret for years—and possibly allowed it to fall into the hands of its adversaries for just as long.

Grossman argues that demonstrates the need for a more public debate over when the NSA should hoard zero days and when it should disclose them to vendors in order to improve the overall security of the internet. “I think they should be encouraged to have zero days at their disposal to accomplish their mission,” says Grossman. “But they should have a well-defined time after which they need to release them so we can properly defend ourselves.”"
The Shadow Brokers Mess Is What Happens When the NSA Hoards Zero-Days | WIRED

No comments: