They did play it up quite a bit, I remember being annoyed at the stories of how tough she was with her in-office daycare and support staff for her newborn while other non-celebrity women I know had to order their whole lives around a pumping schedule.
Sorry, I wasn't trying to imply that. I don't think she was a diversity checkbox so much as a 'small world in silicon valley' unmeritorious hire, with the diversity checkbox as maybe a small plus.
She didn’t compete. She was a placement pick coming from Google where she was essentially a non-contributing member of the Google AdWords leadership team.
This is great news. The more people in power have been hit, the more repercussions we can hope for.
One possible way to force a bit of scrutiny upon NSO Group would be to crowdfund a Pegasus subscription and use it against Netanyahu.
Any serious suggestions what we can do to ensure that in the long run there will be less and not more "Hacking for hire" companies lending their tools for use against journalists and the opposition?
Shit will really hit the fan when the "ransomware as a service" discovers the "targeted surveillance as a service" business model. Interesting times to be alive.
Can we really say "targeted surveillance as a service" isn't already a booming business though? Camera feeds and device breadcrumbs from wireless devices incl. iPhone & Android, watches, headphones, vehicle toll tags, etc. are aggregated from every big name store, street camera, doorbell camera, etc. and processed by a handful of companies that aggregate facial and location data for marketing and trend analysis. Police subscribe to these same services to track people, or get access through warrants if subscription isn't an option.
News articles talking about the massive aggregation of data come up every now and then, but I don't think the general public understands it well enough to be angry let alone scared. They may not have a name to a face, but guaranteed if you've been in a public place in the past few years, there's a record somewhere that you were there.
What may be more frightening is that it's untargeted.
The UK has cameras on every block that are staffed by a person watching them. I'm not usually a betting man, but I'd bet they're going to toss this job to software one day and every other nation that lags behind them as a surveillance or nanny state will attempt to follow suit.
No we don’t. 80% of the cameras out there in your statistic don’t actually exist. From what remains, 25% are dummies, 25% don’t work, 25% are potato quality and what remains are staffed by people who aren’t even paying attention.
It’s a typical British implementation of surveillance. The only winners are CCTV installers.
"Every block" was a bit of hyperbole, but any American would be shocked at the visibility and acceptance of these kinds of cameras. You can argue that the quality makes them ineffective right now but that can be iterated on, especially as cost is reduced. I don't think it's an unreasonable thing to express a good deal of concern over.
> The more people in power have been hit, the more repercussions we can hope for.
This reminds me of a story I heard at a presentation when working at a bank. A politician was going through a closing process for property he was purchasing. He had an issue and found out that the banks automatically tack on PMI for his type of loan, regardless of loan to value ratios.
A year later, their state passed legislation saying PMI cannot be forced on mortgaged loans with certain ratios and must be disclosed before closing.
There exists a saying in Icelandic exactly for this situation: 'it matters if you are reverend John or just plain John' (is. 'það er ekki sama hvort er Jón eða séra Jón').
For reference, normally banks mandate that stuff when the loan to value (LTV) ratio is very high. Meaning they didn't put a large down payment there. It's insurance you pay so that in case you quit paying or can't, the bank can recoup their losses. Essentially you're forced to pay to insure the bank's investment. Now normally you can remove it once you reach whatever LTV the financial has in their policy (usually 75-80%), but at the time when the politician was dealing with it, you basically had it on for the "life of loan."
This argument can be applied to anything: “everyone must have or experience the same government thing because otherwise the government provided good will be shitty.”
The counter-argument is the same in all places too, which is that: “freedom is good, so you should have a really good reason for restricting it and restrict it as little as possible, and this isn’t a good enough reason because it probably won’t work out like you intend”
Here's another one. A small town mayor got raided by the state SWAT over marijuana (package shipped to wrong address, at that). Himself and his mother-in-law were handcuffed and held at gunpoint for several hours in their underwear, and his two dogs shot. The mayor went on to sponsor a bill that required all police departments with SWAT teams to publish reports on how often they're deployed, and the reasons for deployments - which showed that the vast majority of SWAT raids are to serve search warrants in non-violent crimes, mostly drugs. Despite strong opposition from law enforcement, the bill passed.
> One possible way to force a bit of scrutiny upon NSO Group would be to crowdfund a Pegasus subscription and use it against Netanyahu.
I think it's naive to think this has any chance to succeed. This company is in a close relationship with Israeli intelligence. As close as imaginable imho. Every target is vetted. The "surveillance as a service" thing is only marketing. It's just a private intelligence agency hacking people for profit without any ethics.
I'd be quite surprised if someone who lost/had stolen and then recovered a nuc would admit to this taking place. I really don't think we would know if this had happened.
Last time this quote was posted on HN, the consensus turned out to be that it is quite unclear if it was ever said. I remember this as I really wanted to believe that the story was true but ended up thinking it rather not true. Unlike in the article you linked to, last time the conclusion was that the source recalled overhearing Nixon two decades ago, and thus was deemed quite unreliable at best. Anyone know more than me about this?
It’s obviously a made-up posthumous quote. Nobody who cared about their image (as John Ehrlichman clearly did) was using “blacks” instead of Jesse Jackson’s “African Americans” while talking to journalists in 1994.
First and foremost, the original vendor is always the most ethical place to sell it. That's where you stand the best chance of having it fixed for affected users. Second to the vendor are third parties that report vulnerabilities to the vendor by selling early warnings as a service. I don't know if I would recommend ZDI, they provide zero guidance for what their payout ranges are. There are security companies that purchase zerodays to write about them for PR, which also fixes the issue. And finally there's selling it to branches of the US government with license restrictions and a blanket exclusion for the NSA.
Beyond those buyers, the lines start to blur (defense contractors, companies in countries allied with the US e.g. FVEY). I would not recommend it either. Unethical buyers have completely different interests. I know Zerodium for one is a terrible place to sell to (you may be a target), and anything that is sold to Crowdfense is likely to be used against American interests.
My takeaway advice is, you can choose between painting a target on your front or one on your back.
When you say "one could be targeted/painting a target on oneself" what does this imply? Basically that some group, most likely a nation state actor, might hack my systems in the hope to see what else I have and who I am selling to?
Or rather that when I cross the wrong border into the wrong country I might disappear?
Who do companies like ZDI sell early warnings to? I don't quite understand how a vulnerability could be worth more to them than the vendor who could fix it (assuming they don't somehow abuse the vulnerability).
Because ZDI negotiate. As a bug bounty participant in the official programs, you aren't allowed to negotiate.
ZDI, on the other hand can say: "We want $10M for this iOS zero day, or we don't report it to you." And the process of negotiation goes back and forth, but the end result is, Apple will pay considerably more to ZDI than through the direct program.
Correct me if I am wrong. I think another reason why ZDI maybe could pay more is because they also have other paying customers that pay for IDS/IPS subscriptions.