@wolf480pl very good question, there are investigations going on that have indicated that the NSA may have collaborated (or exploited) Sun Microsystems along with Microsoft to ensure they had exploit material available for their operations. This vulnerability is not one of those and apparently just slipped the net and went unnoticed except by attackers who kept it a private exploit for well over 6 years.

@thegibson @dazinism @z @bill Thanks for the kind words! I agree with what many others are saying here in thread, there was a catalogue of security vulnerabilities and it's not just isolated to Cellebrite products (although the Moxie bug certainly gives legal weight to the data integrity of any case that used Cellebrite software). Those products are expensive, supplied to LE and thus don't get the same set of eyes on them as more widely distributed software. They are all awful with lots of bugs.

Google Chrome Version 90.0.4430.72 (Official Build) (64-bit) fixes the Chrome 0day (tested against Windows/x64) that was released into the Wild over the last few days. Update your Chrome if that's your gopher utility of choice ;-)

@requiem set's a legal precedent that America can remotely login to French computers and erase evidence of Chinese hacking attacks, without any care for lawful retention in the European Union or anywhere for that matter. America was always going to enforce a government backed "hack back" movement which is why the people need to campaign for their cyber 2nd amendment rights to also use "hack back" as a deterrent to government tyranny.

Show older
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!