For sale: A new Windows 8 zero-day vulnerability
-
French security company Vupen is selling a vulnerability in Microsoft's latest operation system and browser [ITworld]
I don't yet understand how hackers can live with themselves. :mad:
-
I don't yet understand how hackers can live with themselves. :mad:
Why not? What's to understand? No, seriously - if this response has the appearance of someone that is trolling, I apologise for my inability to better choose my words. Microsoft, Adobe [insert Corp name here] releases a product with proveable, re-producable errors in it. These flaws, and the understanding of how to exploit/avoid them are precious commodities - both for black-hat and white-hat types. In computing, as in entertainment - it is the size of the market that dictates something/someone's monetary value. That's why national sports-stars and performing music artists can command so much money for a single performance, that's why the value of such an exploit is so high - the affected market is _huge_ If MS aren't prepared to throw a couple of drops in the ocean (that is the cost of development) to protect it, why not sell it to somebody that does value it? You do realize I hope, that both the Stuxnet and the Flame virii made use of unpublished exploits. Exploits that then helped to offer access to the nuclear-enrichment control systems that Iran runs. Do you wonder how the writers of these virii, or the finders of the exploits that facilitated their activities live with themselves? I really am very curious as to just where you're coming from. :)
Make it work. Then do it better - Andrei Straut
-
French security company Vupen is selling a vulnerability in Microsoft's latest operation system and browser [ITworld]
-
Why not? What's to understand? No, seriously - if this response has the appearance of someone that is trolling, I apologise for my inability to better choose my words. Microsoft, Adobe [insert Corp name here] releases a product with proveable, re-producable errors in it. These flaws, and the understanding of how to exploit/avoid them are precious commodities - both for black-hat and white-hat types. In computing, as in entertainment - it is the size of the market that dictates something/someone's monetary value. That's why national sports-stars and performing music artists can command so much money for a single performance, that's why the value of such an exploit is so high - the affected market is _huge_ If MS aren't prepared to throw a couple of drops in the ocean (that is the cost of development) to protect it, why not sell it to somebody that does value it? You do realize I hope, that both the Stuxnet and the Flame virii made use of unpublished exploits. Exploits that then helped to offer access to the nuclear-enrichment control systems that Iran runs. Do you wonder how the writers of these virii, or the finders of the exploits that facilitated their activities live with themselves? I really am very curious as to just where you're coming from. :)
Make it work. Then do it better - Andrei Straut
An old lady pulls into her driveway and slowly unloads groceries. In the process, she accidentally leaves her purse on the hood of her car. It's now dark and there sits the purse - just brimming with cash. There are basically two types of people in the world: 1: One guy will steal the purse. 2: One guy will return the purse to the lady. The thief sees an opportunity to make some easy money. He tells himself the old lady had it coming. She made a mistake and the way to learn is to get burned. He figures she'll still be okay, it isn't like he beat her up or anything - she loses some cash but learns a valuable lesson. The hero sees an opportunity to serve. His joy is in helping a neighbor in need. We really need less of #1 in this world and more of #2, not only as individuals, but as companies. I really have no respect for opportunists - they are the worst interpretation of capitalism. There are quite a few of us that grow weary of this mindset. Sorry, but the other guy making a mistake isn't justification for crap behavior. So while I wish each individual at that company many blessings I hope the company and it's philosophy dies in a flaming vat of malaria.
-
French security company Vupen is selling a vulnerability in Microsoft's latest operation system and browser [ITworld]
eh depends on the vulnerability, and it's not a security firm cause they just lost access to MS detail information. Microsoft gives real / honest security firms added details / access to some of their underlying items, to try and ward off some of this stuff to begin with. When you bite the hand that feeds you, it stops feeding you. Not to mention exploits for sale have to be super deeply rooted or they rarely go anywhere, problem is exploits only work if the developer has no idea they are there. Once made publically aware you end the value of the exploit. Not to mention add so much risk one of Microsofts investigation teams which I hear are better than the CIA and FBI combined, will end up tracking you down, and sending you off to jail for long time. So... while it is probably a legit exploit that could of been a problem by taking the direction they did, it instantly lost all its possible value.
-
An old lady pulls into her driveway and slowly unloads groceries. In the process, she accidentally leaves her purse on the hood of her car. It's now dark and there sits the purse - just brimming with cash. There are basically two types of people in the world: 1: One guy will steal the purse. 2: One guy will return the purse to the lady. The thief sees an opportunity to make some easy money. He tells himself the old lady had it coming. She made a mistake and the way to learn is to get burned. He figures she'll still be okay, it isn't like he beat her up or anything - she loses some cash but learns a valuable lesson. The hero sees an opportunity to serve. His joy is in helping a neighbor in need. We really need less of #1 in this world and more of #2, not only as individuals, but as companies. I really have no respect for opportunists - they are the worst interpretation of capitalism. There are quite a few of us that grow weary of this mindset. Sorry, but the other guy making a mistake isn't justification for crap behavior. So while I wish each individual at that company many blessings I hope the company and it's philosophy dies in a flaming vat of malaria.
You forgot the third type - the guy that walked past afterwards or even watched the lil' old lady unpack her things and leave her purse there. For a sum of just $5, he offers to tell her something that would be very much to her advantage. (Personally, I'd pay the b@stard then follow them home, but that's another matter) Look, I agree - if the world was filled with #2 type of people then it would be a truly awe-inspiring, wonderful place to live. I think it's entirely impossible to have too many of them. It's the #2s that make CodeProject and other sites like it flourish. Each of us benefits from that. However as far as I'm concerned, your analogy while quite good, falls short of accurately modelling the situation being discussed. Neither person #1 nor person #2 could have _their_ privacy breached as a result of the lady's forgetfulness. Many millions of people stand to suffer as a result of these flaws Microsoft keeps asking us to beta test. The little old lady is not only unlikely, but also not suspected to be building Molotov cocktails in her garden shed, ready to assault the neighbourhood. With that in mind, there is no perceivable benefit for the community at large by failing to reveal to her that she's left her purse out - and in so doing so, granted access to her home to anybody with her details. Furthermore, do you think the little old lady would then stroll out to collect her purse at a time that was convenient to her, regardless of the harm that may be caused to her neighbours/people in her phone-book in the time that the purse is not in her hands? Some companies have a history of being very slow to implement fixes, even after the exploits have been made public - I'm looking right at you Adobe.. Until such a time that Microsoft, Adobe et al try to buy the exploit details AND are refused, I think they're simply reaping what they've already sown. It's our data and our lives they're elephanting with - if they can't be bothered doing it in a secure manner, and are to bull-headed (stubborn) to pay for someone else to do their homework for them, elephant em. I equally curious as to just why it is that wish them to die a horrible death. Is it any of the following: a) They search for exploits b) They charge for their time and work c) They do it in part as a way of beating the offending company. How about releasing info on how to gain root-access to your Android or iPhone? Is that done by those deserving a death in brimstone too? What about those that are reported to be in
-
You forgot the third type - the guy that walked past afterwards or even watched the lil' old lady unpack her things and leave her purse there. For a sum of just $5, he offers to tell her something that would be very much to her advantage. (Personally, I'd pay the b@stard then follow them home, but that's another matter) Look, I agree - if the world was filled with #2 type of people then it would be a truly awe-inspiring, wonderful place to live. I think it's entirely impossible to have too many of them. It's the #2s that make CodeProject and other sites like it flourish. Each of us benefits from that. However as far as I'm concerned, your analogy while quite good, falls short of accurately modelling the situation being discussed. Neither person #1 nor person #2 could have _their_ privacy breached as a result of the lady's forgetfulness. Many millions of people stand to suffer as a result of these flaws Microsoft keeps asking us to beta test. The little old lady is not only unlikely, but also not suspected to be building Molotov cocktails in her garden shed, ready to assault the neighbourhood. With that in mind, there is no perceivable benefit for the community at large by failing to reveal to her that she's left her purse out - and in so doing so, granted access to her home to anybody with her details. Furthermore, do you think the little old lady would then stroll out to collect her purse at a time that was convenient to her, regardless of the harm that may be caused to her neighbours/people in her phone-book in the time that the purse is not in her hands? Some companies have a history of being very slow to implement fixes, even after the exploits have been made public - I'm looking right at you Adobe.. Until such a time that Microsoft, Adobe et al try to buy the exploit details AND are refused, I think they're simply reaping what they've already sown. It's our data and our lives they're elephanting with - if they can't be bothered doing it in a secure manner, and are to bull-headed (stubborn) to pay for someone else to do their homework for them, elephant em. I equally curious as to just why it is that wish them to die a horrible death. Is it any of the following: a) They search for exploits b) They charge for their time and work c) They do it in part as a way of beating the offending company. How about releasing info on how to gain root-access to your Android or iPhone? Is that done by those deserving a death in brimstone too? What about those that are reported to be in
enhzflep wrote:
You forgot the third type - the guy that walked past afterwards or even watched the lil' old lady unpack her things and leave her purse there. For a sum of just $5, he offers to tell her something that would be very much to her advantage. (Personally, I'd pay the b@stard then follow them home, but that's another matter)
You've managed to identify a guy who is even a bigger creep than the outright thief. You're so replused by it you claimed you'd follow the guy home - ostensibly to administer punishment. It really isn't another matter, it is the point. Hopefully karma will follow this company home with a Louisville slugger and spend some quality time there.
-
You forgot the third type - the guy that walked past afterwards or even watched the lil' old lady unpack her things and leave her purse there. For a sum of just $5, he offers to tell her something that would be very much to her advantage. (Personally, I'd pay the b@stard then follow them home, but that's another matter) Look, I agree - if the world was filled with #2 type of people then it would be a truly awe-inspiring, wonderful place to live. I think it's entirely impossible to have too many of them. It's the #2s that make CodeProject and other sites like it flourish. Each of us benefits from that. However as far as I'm concerned, your analogy while quite good, falls short of accurately modelling the situation being discussed. Neither person #1 nor person #2 could have _their_ privacy breached as a result of the lady's forgetfulness. Many millions of people stand to suffer as a result of these flaws Microsoft keeps asking us to beta test. The little old lady is not only unlikely, but also not suspected to be building Molotov cocktails in her garden shed, ready to assault the neighbourhood. With that in mind, there is no perceivable benefit for the community at large by failing to reveal to her that she's left her purse out - and in so doing so, granted access to her home to anybody with her details. Furthermore, do you think the little old lady would then stroll out to collect her purse at a time that was convenient to her, regardless of the harm that may be caused to her neighbours/people in her phone-book in the time that the purse is not in her hands? Some companies have a history of being very slow to implement fixes, even after the exploits have been made public - I'm looking right at you Adobe.. Until such a time that Microsoft, Adobe et al try to buy the exploit details AND are refused, I think they're simply reaping what they've already sown. It's our data and our lives they're elephanting with - if they can't be bothered doing it in a secure manner, and are to bull-headed (stubborn) to pay for someone else to do their homework for them, elephant em. I equally curious as to just why it is that wish them to die a horrible death. Is it any of the following: a) They search for exploits b) They charge for their time and work c) They do it in part as a way of beating the offending company. How about releasing info on how to gain root-access to your Android or iPhone? Is that done by those deserving a death in brimstone too? What about those that are reported to be in
While in theory I don't disagree with "teaching companies a lesson," it's that "Holier than thou, self righteous" attitude that does harm instead of good. You really think MS or Adobe are hurt by having millions of people's privacy and security breached. Heck no, they'll keep on trucking just like they have. People might get mad for a bit, but they'll still live on. No. The people who are hurt are the ONES WHOSE INFORMATION IS STOLEN! I'm sick and tired of hackers releasing personal information into the wild to the highest bidder under the guise of, "We're teaching {MS, Adobe, Sony, etc} a lesson." Bull crap, call it what it is. They want profit and recognition, and don't really care about the people they are "helping by revealing flaws so companies will fix errors." Yes, MS et. al. need to be held responsible, but be realistic about what you are advocating.
- Freedom is the right of all sentient beings.
-
You forgot the third type - the guy that walked past afterwards or even watched the lil' old lady unpack her things and leave her purse there. For a sum of just $5, he offers to tell her something that would be very much to her advantage. (Personally, I'd pay the b@stard then follow them home, but that's another matter) Look, I agree - if the world was filled with #2 type of people then it would be a truly awe-inspiring, wonderful place to live. I think it's entirely impossible to have too many of them. It's the #2s that make CodeProject and other sites like it flourish. Each of us benefits from that. However as far as I'm concerned, your analogy while quite good, falls short of accurately modelling the situation being discussed. Neither person #1 nor person #2 could have _their_ privacy breached as a result of the lady's forgetfulness. Many millions of people stand to suffer as a result of these flaws Microsoft keeps asking us to beta test. The little old lady is not only unlikely, but also not suspected to be building Molotov cocktails in her garden shed, ready to assault the neighbourhood. With that in mind, there is no perceivable benefit for the community at large by failing to reveal to her that she's left her purse out - and in so doing so, granted access to her home to anybody with her details. Furthermore, do you think the little old lady would then stroll out to collect her purse at a time that was convenient to her, regardless of the harm that may be caused to her neighbours/people in her phone-book in the time that the purse is not in her hands? Some companies have a history of being very slow to implement fixes, even after the exploits have been made public - I'm looking right at you Adobe.. Until such a time that Microsoft, Adobe et al try to buy the exploit details AND are refused, I think they're simply reaping what they've already sown. It's our data and our lives they're elephanting with - if they can't be bothered doing it in a secure manner, and are to bull-headed (stubborn) to pay for someone else to do their homework for them, elephant em. I equally curious as to just why it is that wish them to die a horrible death. Is it any of the following: a) They search for exploits b) They charge for their time and work c) They do it in part as a way of beating the offending company. How about releasing info on how to gain root-access to your Android or iPhone? Is that done by those deserving a death in brimstone too? What about those that are reported to be in
-
An old lady pulls into her driveway and slowly unloads groceries. In the process, she accidentally leaves her purse on the hood of her car. It's now dark and there sits the purse - just brimming with cash. There are basically two types of people in the world: 1: One guy will steal the purse. 2: One guy will return the purse to the lady. The thief sees an opportunity to make some easy money. He tells himself the old lady had it coming. She made a mistake and the way to learn is to get burned. He figures she'll still be okay, it isn't like he beat her up or anything - she loses some cash but learns a valuable lesson. The hero sees an opportunity to serve. His joy is in helping a neighbor in need. We really need less of #1 in this world and more of #2, not only as individuals, but as companies. I really have no respect for opportunists - they are the worst interpretation of capitalism. There are quite a few of us that grow weary of this mindset. Sorry, but the other guy making a mistake isn't justification for crap behavior. So while I wish each individual at that company many blessings I hope the company and it's philosophy dies in a flaming vat of malaria.
MehGerbil wrote:
An old lady pulls into her driveway and slowly unloads groceries.
In the process, she accidentally leaves her purse on the hood of her car.
It's now dark and there sits the purse - just brimming with cash.Your analogy is flawed. It also ignores that the person wandering by need not do anything at all (neither steal nor tell her.) A much better analogy... An old lady runs a profitable, very profitable, dress shop. And she drives other thriving shops out of business either by buying them out or by reproducing wares and undercutting the price. Someone walks by every day, every hour, for a year and spends time looking for an open vent. And then they ask to be paid, by anyone, for the work that had done (every day for a year.) And note that they did not in fact use the vent.
-
While in theory I don't disagree with "teaching companies a lesson," it's that "Holier than thou, self righteous" attitude that does harm instead of good. You really think MS or Adobe are hurt by having millions of people's privacy and security breached. Heck no, they'll keep on trucking just like they have. People might get mad for a bit, but they'll still live on. No. The people who are hurt are the ONES WHOSE INFORMATION IS STOLEN! I'm sick and tired of hackers releasing personal information into the wild to the highest bidder under the guise of, "We're teaching {MS, Adobe, Sony, etc} a lesson." Bull crap, call it what it is. They want profit and recognition, and don't really care about the people they are "helping by revealing flaws so companies will fix errors." Yes, MS et. al. need to be held responsible, but be realistic about what you are advocating.
- Freedom is the right of all sentient beings.
vaderjm wrote:
You really think MS or Adobe are hurt by having millions of people's privacy and security breached. Heck no
I disagree. If they didn't think that there wasn't some impact then they wouldn't issue fixes at all.
vaderjm wrote:
Yes, MS et. al. need to be held responsible, but be realistic about what you are advocating.
I didn't see that in what you responded to. Rather it pointed out that there is no guarantee and rather some evidence to the contrary that a private disclousure will result in a timely fix, one that would protect the user, and there is the possibility that a private disclosure could lead to a negative impact for the person that attempts to tell the offending party. That does in fact happen. A public disclosure insures that the offending party can do nothing but take action (or do nothing) rather than attempting to silence the source.
-
vaderjm wrote:
You really think MS or Adobe are hurt by having millions of people's privacy and security breached. Heck no
I disagree. If they didn't think that there wasn't some impact then they wouldn't issue fixes at all.
vaderjm wrote:
Yes, MS et. al. need to be held responsible, but be realistic about what you are advocating.
I didn't see that in what you responded to. Rather it pointed out that there is no guarantee and rather some evidence to the contrary that a private disclousure will result in a timely fix, one that would protect the user, and there is the possibility that a private disclosure could lead to a negative impact for the person that attempts to tell the offending party. That does in fact happen. A public disclosure insures that the offending party can do nothing but take action (or do nothing) rather than attempting to silence the source.
jschell wrote:
A public disclosure insures that the offending party can do nothing but take action (or do nothing) rather than attempting to silence the source.
I appreciate your response, and in reading what you wrote, I don't think you quite understand what I was trying to say. I completely agree that the vulnerabilities themselves need to be made public so that the offending party is forced to take action, and that a negative impact can and does happen to persons making private disclosures. Your post is indeed correct to that point. Perhaps when I responded initially I should have clarified that I was not speaking of the vulnerability itself but the data being stolen through the breach. What good would come to the "users" in having personal data sold to the highest bidder? Quoting your other post:
jschell wrote:
And note that they did not in fact use the vent.
We're on the same page.
-
Why not? What's to understand? No, seriously - if this response has the appearance of someone that is trolling, I apologise for my inability to better choose my words. Microsoft, Adobe [insert Corp name here] releases a product with proveable, re-producable errors in it. These flaws, and the understanding of how to exploit/avoid them are precious commodities - both for black-hat and white-hat types. In computing, as in entertainment - it is the size of the market that dictates something/someone's monetary value. That's why national sports-stars and performing music artists can command so much money for a single performance, that's why the value of such an exploit is so high - the affected market is _huge_ If MS aren't prepared to throw a couple of drops in the ocean (that is the cost of development) to protect it, why not sell it to somebody that does value it? You do realize I hope, that both the Stuxnet and the Flame virii made use of unpublished exploits. Exploits that then helped to offer access to the nuclear-enrichment control systems that Iran runs. Do you wonder how the writers of these virii, or the finders of the exploits that facilitated their activities live with themselves? I really am very curious as to just where you're coming from. :)
Make it work. Then do it better - Andrei Straut
enhzflep wrote:
Do you wonder how the writers of these virii, or the finders of the exploits that facilitated their activities live with themselves?
I realize that most everyone that does hacking, viruses, spyware, etc... is in it for the money. And I realize that money is a powerful motivator. However, I don't think I could live with myself if I knew was endangering other people (or their electronic lives). It's just not something I can fathom doing.
-
enhzflep wrote:
Do you wonder how the writers of these virii, or the finders of the exploits that facilitated their activities live with themselves?
I realize that most everyone that does hacking, viruses, spyware, etc... is in it for the money. And I realize that money is a powerful motivator. However, I don't think I could live with myself if I knew was endangering other people (or their electronic lives). It's just not something I can fathom doing.
It's because I agree with your 2nd line, that I think the Stuxnet and Flame virii were the lesser of a number of evils. In planting the virii, the time taken to successfully enrich uranium in Iran was increased. Thus, providing more time to analyze the threat (perceived or real) posed by a rogue state controlling nuclear materials. A quite possible alternative would have involved bombing the place into oblivion in the dead-of-night, much to the detriment of any staff in the facility at the time. Israel has certainly done that kind of thing before. But, that's all a small facet of the problem at hand - it would be a shame to inflate it's importance (I hope I haven't been seen to do so) Thank-you for your thoughts, GeekForChrist. I appreciate them. :)
Make it work. Then do it better - Andrei Straut
-
While in theory I don't disagree with "teaching companies a lesson," it's that "Holier than thou, self righteous" attitude that does harm instead of good. You really think MS or Adobe are hurt by having millions of people's privacy and security breached. Heck no, they'll keep on trucking just like they have. People might get mad for a bit, but they'll still live on. No. The people who are hurt are the ONES WHOSE INFORMATION IS STOLEN! I'm sick and tired of hackers releasing personal information into the wild to the highest bidder under the guise of, "We're teaching {MS, Adobe, Sony, etc} a lesson." Bull crap, call it what it is. They want profit and recognition, and don't really care about the people they are "helping by revealing flaws so companies will fix errors." Yes, MS et. al. need to be held responsible, but be realistic about what you are advocating.
- Freedom is the right of all sentient beings.
Thanks for your thought vaderjm, No, the security breach in and of itself doesn't really hurt the large corporations (it embarrasses them perhaps, but does not cause blood-loss). What does hurt however, is declining sales due to people's lack of confidence in their products. Agree - it is the people whose information is actually stolen in the end-game that are truly hurt by the process. I would argue that the process has a rough analogue in the arms manufacturing industry. You have powder manufacturers, bullet manufacturers, gun manufacturers. It is only through a chain of events that the products of each of the three are brought together, before somebody is shot. It appears naive to place them blame on any of the three companies - it is through the application of their products that harm may be caused - or in the case of LE officers or armies, that a reduction in harm may be effected. But that harm is caused or prevented by the last entity in the chain - the one with the gun. I simply advocate that if they release buggy products and refuse to either or both (a) fix them (b) pay someone else for the time taken to check their work for flaws, that they deserve to be beaten with a stick. Once that stick has been used, I would then apply it 10-fold to anybody that stole my information. Releasing information about the flaws in a product? +10 Using information to steal personal info, then releasing it? -10
Make it work. Then do it better - Andrei Straut
-
MehGerbil wrote:
An old lady pulls into her driveway and slowly unloads groceries.
In the process, she accidentally leaves her purse on the hood of her car.
It's now dark and there sits the purse - just brimming with cash.Your analogy is flawed. It also ignores that the person wandering by need not do anything at all (neither steal nor tell her.) A much better analogy... An old lady runs a profitable, very profitable, dress shop. And she drives other thriving shops out of business either by buying them out or by reproducing wares and undercutting the price. Someone walks by every day, every hour, for a year and spends time looking for an open vent. And then they ask to be paid, by anyone, for the work that had done (every day for a year.) And note that they did not in fact use the vent.
-
enhzflep wrote:
You forgot the third type - the guy that walked past afterwards or even watched the lil' old lady unpack her things and leave her purse there. For a sum of just $5, he offers to tell her something that would be very much to her advantage. (Personally, I'd pay the b@stard then follow them home, but that's another matter)
You've managed to identify a guy who is even a bigger creep than the outright thief. You're so replused by it you claimed you'd follow the guy home - ostensibly to administer punishment. It really isn't another matter, it is the point. Hopefully karma will follow this company home with a Louisville slugger and spend some quality time there.
I disagree that the person that has asked for $5 in exchange for some valuable information is a bigger creep than the person that actually took the money. One of the 2^24 grey areas, I reckon - a personal judgement, if you will. I'd beat the elephant out of the thief on the spot. If person #3 asks for the money and is refused, before saying "C'est la vie" and walking away - they're a hundred million moral miles in front of the bugger that actually stole it. I'd actually follow them home so that they knew if they tried something like that again, they're not anonymous and I have the capability to effect a devastating punishment should occasion to do so arise. That's what some ISPs do to copyright infringers. They determine the behaviour has occurred in the past and send a 'we know where you live, and what you've been doing - don't do it again' type message. Future indiscretions are met with a hefty kick in the backside. Perfect! I have myself, paid for information in a similar circumstance in the past - somebody knew a trick involving my garage door. For the paltry price of a can of beer, I was informed that they have a flaw that enables them to be opened, even when locked. I fixed the problem in 5 mins. I have since found attempted intrusion marks on the door after returning from holidays. That was $2.85 well spent. Thank-you for your well considered thoughts MehGerbil. Sharing of thoughts and ideas is a great thing unless somebody begins to become unpleasant and to make personal attacks (which I've not recognised an instance of in this discussion) - a perfect opportunity to understand and learn from our fellow man.:thumbsup:
Make it work. Then do it better - Andrei Straut
-
Thanks for your thought vaderjm, No, the security breach in and of itself doesn't really hurt the large corporations (it embarrasses them perhaps, but does not cause blood-loss). What does hurt however, is declining sales due to people's lack of confidence in their products. Agree - it is the people whose information is actually stolen in the end-game that are truly hurt by the process. I would argue that the process has a rough analogue in the arms manufacturing industry. You have powder manufacturers, bullet manufacturers, gun manufacturers. It is only through a chain of events that the products of each of the three are brought together, before somebody is shot. It appears naive to place them blame on any of the three companies - it is through the application of their products that harm may be caused - or in the case of LE officers or armies, that a reduction in harm may be effected. But that harm is caused or prevented by the last entity in the chain - the one with the gun. I simply advocate that if they release buggy products and refuse to either or both (a) fix them (b) pay someone else for the time taken to check their work for flaws, that they deserve to be beaten with a stick. Once that stick has been used, I would then apply it 10-fold to anybody that stole my information. Releasing information about the flaws in a product? +10 Using information to steal personal info, then releasing it? -10
Make it work. Then do it better - Andrei Straut
