Um, I know of at least two women involved...
Um, no, the most reliable ways were other than 0days. Frankly, the way the NSA tapped most of the world's infrastructure was simply to bribe/threaten people for access.
Hmmm. I don't remember any accurate information about how the 0day market worked. What I saw was various departments bragging about capabilities they didn't really have, while those that did -- did so silently.
Yes, there was the Dual_EC_DRBG scandal, and the NSA rarely did much to disclose vulns, but they didn't do anything to "ensure" vulns wouldn't be disclosed by others.
Even though I'm widely known to have been involved, she never contacted me. Of course, I'd never tell her anything that I haven't said publicly.

There's no nefarious reason people won't talk other than the fact they are honorable, and won't violate oaths of secrecy.
This is hot garbage. There's no secret here worth threatening anybody. Sure, low-level flunkies like to imply threats to people, but that's because they are morons who'd get in trouble if their statements were outed to their superiors.
This is somewhat accurate. It's how you know that for most purposes, I'm no longer involved (I don't want that sort of business and hate getting sucked in). But it's the same as for most government work that demands discretion -- they want discretion.
BTW, because most people are honorable and pay attention to their secrecy oaths, the only people who'd talk to a reporter are braggarts and discontents. This is exactly what reporters want, to sensationalize things and fit the pre-conceived narrative that 0days are bad.
0days are good: Stuxnet forestalled a shooting war and saved thousands of lives.
She's missing so much in this list of those responsible. It leads me to believe she's only been nibbling at the edges instead of having a source at the core of the market.
In contrast, this RAND study talked to real people in the market. I don't know who they talked to, but I know from many of the statements made in this report that they talked to real sources.
Oh, and one who was, well, gender complicated. I don't know what pronouns they preferred, I just remember they were awesome and skilled. I'm not SJW and don't want to criticize Perlroth for this, but "men" sticks out like a sore thumb.
I skipped this bit as just the typical garbling of technical information by non-technical reporters, but actually, it's important. Replacing the firmware in video cards, network cards, or other devices isn't "0day".
It's all the interrelated "cyberweapons" market, I suppose, and not a significant error from one perspective.

But Perlroth frequently touches upon political concerns where this subtle difference is incredibly important.
Some could dismiss these tweets as a member of the establishment trying to discredit critics. Well, no. I'm an outsider. I just have inside knowledge. I think 0days are useful, but I'm not invested in them, and wouldn't be butthurt if Biden stopped their use.
Moreover: the best of reporters make mistakes, and the best journalism will still have experts in the subject pointing out competing viewpoints. Such disagreement is a healthy part of journalism.
You can follow @ErrataRob.