Tuesday, March 10, 2015

Guess Who Wasn't Invited to the CIA’s Hacker Jamboree?

Apple, that’s who. Or Microsoft, or any of the other vendors whose products US government contractors have successfully exploited according to a recent report in the Intercept. While we’re not surprised that the Intelligence Community is actively attempting to develop new spycraft tools and capabilities—that’s their job—we expect them to follow the administration’s rules of engagement. Those rules require an evaluation under what’s known as the “Vulnerabilities Equities Process.” In the White House’s own words, the process should usually result in disclosing software vulnerabilities to vendors, because “in the majority of cases, responsibly disclosing a newly discovered vulnerability is clearly in the national interest.” Nevertheless, the Intercept article describes an annual CIA conference known as the Trusted Computing Base (TCB) Jamboree1 at which members of the intelligence community present extensively on software vulnerabilities and exploits to be used in spying operations.



Read more about Guess Who Wasn't Invited to the CIA’s Hacker Jamboree?

No comments:

Post a Comment