Cyber-arms dealer offers $1m for zero-day Tor hacks


#1

Originally published at: https://boingboing.net/2017/09/13/vichy-nerds.html


#2

It’s easy to imagine the kind of repressive scumbag regimes these sleazeballs count as clients.


#3

image


#4

Since Nesus & Metasploit are available commercially, does that qualify those vendors as cyber-arms dealers as well?


#5

I’ll bet they want those exploits…too bad Tor’s developers aren’t lazy and unimaginative.


#6

Why don’t software manufacturers offer their own bounty? Is it simply because of the implicit admission their products could be imperfect?


#7

Lots of software companies do have bug bounty programs.


#8

It’s also easy to imagine the kind of regime that allows this kind of a-moral firms to exist unhindered.

I know, I know, this is the same for any weapons firm. And my opinion on all governments allowing weapons firms as private for-profit corporations is also the same.

Still, it feels wrong that a firm like this can exist out in the open.


#9

Tor, Tails and the like are open source projects, they don’t have the funds to offer a bounty like this.

Now what would be really interesting, if Tor would introduce a exploit on purpose, make it really short lived or only functional in specific testing situations. Create a hacker alias, claim the bounty and close the exploit. Suddenly this cash strapped, practically volunteer run organization, has a major cash injection, received from the same unethical people that are looking to screw them over.


#NeedsMoreLikes (formerly known as "All the Likes")
#10

Yes? Not sure what the question is really.


#11

Headline hyperbole


#12

It’s not really inaccurate in any way though.

Anyone who sells ‘arms’ is an ‘arms dealer’. Just because we usually use that term for organisations like Thales, Lockheed Martin, BAE or for dodgy back-alley people selling guns to people we don’t like doesn’t mean it doesn’t apply here - or to the organisations you referred to.


#13

How is this not a direct violation of the Computer Fraud and Abuse Act?


#14

This topic was automatically closed after 5 days. New replies are no longer allowed.