[liberationtech] Foxacid payload
Andy Isaacson
adi at hexapodia.org
Thu Jul 17 12:41:12 PDT 2014
On Thu, Jul 17, 2014 at 12:32:26PM -0700, coderman wrote:
> > And once you've patched this bug, FOXACID will update to issue another
> > 0day.
> >
> > It's worth doing, for sure! Patching bugs makes us all incrementally
> > safer.
>
> this is exactly why some who have received these payloads are sitting
> on them, rather than disclosing.
Hmmm, that seems pretty antisocial and shortsighted. While the pool of
bugs is large, it is finite. Get bugs fixed and get developers to write
fewer bugs going forward, and we'll rapidly deplete the pool of 0day and
drive up the cost of FOXACID style deployments.
Forcing deployments to move to more interesting bugs will also give
insight into IAs' exploit sourcing methodologies.
Hasn't someone already created an open "FOXACID observatory" tracking
potential deployments of this and similar APT exploit deployments?
> it is more useful to mitigate privately, and observe how/when an
> exploit is used, than burn it publicly for zero effective security
> improvement.
That seems unlikely to be correct even in the medium term.
> (the less scrupulous would sell to highest bidder for other
> clandestine hacks)
You can always make a quick buck by screwing the public interest. :)
-andy
More information about the liberationtech
mailing list