top | item 28517384

(no title)

buddylw | 4 years ago

Security has always been relative. I feel much safer knowing that an exploit like this is worth hundreds of thousands or even millions of dollars.

It keeps them closely guarded and selective about use. All of that makes me an unlikely target and reduces individual risk.

discuss

heavyset_go|4 years ago

> I feel much safer knowing that an exploit like this is worth hundreds of thousands or even millions of dollars.

I don't. Look at how much companies like Apple pay out for responsible disclosure if they pay out at all, and then compare it to what exploits go for on the grey/black market. Typically the buyers have deep pockets and burning millions of dollars wouldn't make them blink.

dkokelley|4 years ago

Why does it matter if it’s the “good guys” or “bad guys” paying?

If a vulnerability only cost ~$100 then a malicious person could compromise an ex lover’s phone, for example. The fact that they are expensive means that their use is limited to targeted, strategic attacks. You don’t have to agree that those attacks are good, but surely pricing the average person out of 0-days is better than the alternative.

madeofpalk|4 years ago

But still, I feel relatively safe knowing/thinking that the Saudi government doesn’t want to hack my iPhone.

gitanovic|4 years ago

It makes me wonder how people like Bill Gates or Jeff Bezos use for their phone security.

For sure they are much more interesting targets than I am, therefore burning a few 0-days might be worth the effort.

thinkharderdev|4 years ago

Wasn't Bezos phone hacked by the Saudis?