US still hoarding zero-day app vulnerabilities, say EFF campaigners

The Electronic Frontier Foundation reckons America's spooks aren't living up to the Obama administration's 2014 statement that it would disclose more vulnerabilities than it hoarded. In April 2014, the administration told the world it would only keep vulnerabilities back where its spooks thought it was vital for intelligence …

  1. Ole Juul

    The NSA

    is a vulnerability

    1. NoneSuch Silver badge

      If the NSA has them...

      ...then others, probably foreign governments, have them too.

  2. veti Silver badge

    So to sum up...

    "... We'll only hold back vulnerabilities if we think they might be useful."

    Pinky swear, presumably.

    I love it when bureaucrats make promises like that. You just know they've had a Full & Frank Exchange of Views with a politician somewhere, and the bureaucrat has come out firmly on top.

  3. Anonymous Coward

    EFF is pointless

    At this point it should be plainly obvious that the state power structure exists completely outside of this concept the EFF sees as the 'legal system'. Filing lawsuits, sending petitions, forming Facebook campaigns shows a naive ignorance of the true nature of the legal and electronic reality that the U.S. citizen lives in.

    The EFF is a relic of a time when there was a functioning justice system... they are so hopelessly outmatched it's kind of sad to see this kind of activity still going on. The leadership in this group has obviously not internalized the technological reality that Snowden has revealed.

    This is kind of like NATO sending that sad little convoy through Eastern Europe to 'send a message' to Putin, who has hypersonic EMP missiles on standby that can rewrite the entire European geopolitical reality in a few hours. The West has been hopelessly outmatched at pretty much all levels.

    1. Mark 85 Silver badge

      Re: EFF is pointless

      You came close there but have an upvote anyway... NATO at least has some military might. This is more like the UN stomping their feet and shouting: "Hey.. you over there. Stop that war. Do you hear us? We're condemning you!".

      1. Anonymous Coward

        Re: EFF is pointless

        It is only pointless because they are vastly outnumbered and fighting a foe with unlimited resources: AKA city hall, the MIC or public apathy, take your pick.

        That does not make their message valueless. As long as there are a few voices shouting out that "this is wrong", there is still some hope. Otherwise, we might as well just roll over and accept our virtual serf status.

        I'll take the red pill, please.

    2. Looper

      Re: EFF is pointless

      No. It is not. However comments such as yours are.

      The EFF and others bring to light the gravity of the situation to far more ignorant masses than would otherwise be the case.

      They push the buttons of the NSA et al to prove to those who care how underhanded those types actually are. Without this continuous pressure, publicity, outrage, AND legal process, the white-washing would soon have the ignorant many back thinking that everything is normal again.

      The EFF will NEVER let that happen, so long as the unethical (you included) are taking the piss.

  4. Anonymous Coward

    zero days, AETs, malware callbacks

    There are two companies who publicise the latest vulnerabilities - Kaspersky and FireEye. Between them most significant threats are known. Having said that, you need their technology services to prevent immediate intrusion using the threats.

    1. Dan Paul

      Re: zero days, AETs, malware callbacks

      And you can't be quite sure of whose side THEY are on, either.

      In fact, there are NO manufacturers of anti-virus or other security software that are blameless.

      If you can't get positive indication of ALL vulnerabilities; is that the Security vendor letting the fox have the keys to the henhouse? Or are they just incompetent?

      1. Mark 85 Silver badge

        Re: zero days, AETs, malware callbacks

        "If you can't get positive indication of ALL vulnerabilities; is that the Security vendor letting the fox have the keys to the henhouse? Or are they just incompetent?"

        Perhaps they only get indications on the viruses they wrote themselves? I do question some of these AV's and their "OMG...we found XXX" with the implied "we're the only ones who can detect it".

