• someone@lemmy.today
    11 upvotes · 2 days ago

    If she’s going for maximum damage, I am surprised this person doesn’t just announce when she’s found a big exploit, and then just sell it to up to 10 people, and then announce in very vague terms what the exploits are. (Like, “just sold exploit for Windows Defender” or “just sold way to hack into BitLocker”).

    It seems like the vagueness of such things would make corporations more worried about being hacked and Microsoft could only guess as to what specific code was hacked, costing them greater resources.

    Yes, it would be illegal, and therefore I hope she doesn’t do that and recommend against it. But I am just surprised, given the level of anger, that she has been approaching things in a way that is so easy to patch.

    Is her approach more damaging the way she’s actually doing it?

    • BJ_and_the_bear@lemmy.world
      3 upvotes · 1 day ago

      Would it actually be illegal? I’m not a lawyer or anything, but I’m not sure what crime it would be. Using the exploit to hack someone would be illegal, but I can’t see why developing and selling an exploit would be.

    • Jason2357@lemmy.ca
      1 upvote · 2 days ago

      It’s a fine line between getting revenge on Microsoft and screwing over human beings that trusted them. I wouldn’t be surprised if a BitLocker zero day got someone killed, given the number of people using it around the world.

        • Jason2357@lemmy.ca
          3 upvotes · 1 day ago

          Because people keep secrets on computers. You have the combination of a tiny percentage of people who have secrets that are life threatening, and millions of people use BitLocker because it’s built into Windows. It’s a tiny number times a huge number.

          If I had to guess, that might include journalists who investigate authoritarian regimes, activists who keep their identity secret, and minorities who live in countries where their identity is a capital crime.

          Then there are probably also governments who rely on BitLocker to secure the computers of people with state secrets like the identities of spies. Probably lots of other weird edge cases.

        • miliponia@reddthat.com
          1 upvote · 2 days ago

          Image a dissident’s hard drive and break into it later when an exploit drops. Selling to an exploit broker is even worse since the individual would never know how or if a government intelligence agency got all their personal data because they expect it to be secured.