salem | 9 years ago

So it seems the dump contains at least one legit 0-day, and it's been in use for 3 years.

Someone1234|9 years ago

Which does at least HINT that it might be what it claims to be. That's a pretty impressive 0-day which they just gave away as a freebie, who knows what they didn't give away.

I will say we'll never get real confirmation if this was actually stolen from the NSA, but if the other bundle contains a bunch of nice original vulnerabilities people will presume it was.

salem|9 years ago

Makes you wonder if they could have made more money by pretending to find them and reporting them to the respective bug bounty programs.

jonknee|9 years ago

> and it's been in use for 3 years.

At least 3 years.

ktRolster|9 years ago

This is why "responsible disclosure" is a joke. The flaws put in by these companies are not responsible. (Sometimes people make mistakes, but we're at the point of carelessness).