Category Archives: zeroday

NSO Group

Posted on by

We’re starting to see some information on the Israeli cyberweapons arms manufacturer that sold the iPhone zero-day exploit to the United Arab Emirates so they could spy on human rights defenders. EDITED TO ADD (9/1): There is criticism in the comments about me calling NSO Group an Israeli company. I was just repeating the news articles, but further research indicates… Continue reading NSO Group

iPhone Zero-Day Used by UAE Government

Posted on by

Last week, Apple issued a critical security patch for the iPhone: iOS 9.3.5. The incredible story is that this patch is the result of investigative work by Citizen Lab, which uncovered a zero-day exploit being used by the UAE government against a human rights defender. The UAE spyware was provided by the Israeli cyberweapons arms manufacturer NSO Group. This is… Continue reading iPhone Zero-Day Used by UAE Government

The NSA Is Hoarding Vulnerabilities

Posted on by

The National Security Agency is lying to us. We know that because of data stolen from an NSA server was dumped on the Internet. The agency is hoarding information about security vulnerabilities in the products you use, because it wants to use it to hack others’ computers. Those vulnerabilities aren’t being reported, and aren’t getting fixed, making your computers and… Continue reading The NSA Is Hoarding Vulnerabilities

Simultaneous Discovery of Vulnerabilities

Posted on by

In the conversation about zero-day vulnerabilities and whether "good" governments should disclose or hoard vulnerabilities, one of the critical variables is independent discovery. That is, if it is unlikely that someone else will independently discover an NSA-discovered vulnerability — the NSA calls this "NOBUS," for "nobody but us" — then it is not unreasonable for the NSA to keep that… Continue reading Simultaneous Discovery of Vulnerabilities