What exactly should we do with this information? It's clear there's a cyber war heating up. Between Stuxnet, the US gov's OPM getting hacked, kaspersky getting attacked, it's become pretty obvious. And since there's seemingly no need to declare such a war before doing it, it'll only get hotter.<p>So what do we do? Is it time to just start running open-bsd? Should I just assume my systems won't be a casualty because it won't get that hot? Air gap the important part?
I find it really strange the Navy is doing this. Does it actually have an intelligence wing capable of taking advantage of this? And if you thought the NSA was the cyber intelligence wing of the DoD, so did I.
This is why the mission of securing America's networks needs to be removed from the NSA.<p>“What’s more noteworthy is how little regard the government seems to have for the process of deciding to exploit vulnerabilities,” wrote Nate Cardozo and Andrew Crocker of the Electronic Frontier Foundation. “As we’ve explained before, the decision to use a vulnerability for ‘offensive’ purposes rather than disclosing it to the developer is one that prioritizes surveillance over the security of millions of users.”
Site seems overloaded. Link for the lazy: <a href="https://web.archive.org/web/20150615233609/https://threatpost.com/us-navy-soliciting-zero-days/113308" rel="nofollow">https://web.archive.org/web/20150615233609/https://threatpos...</a>
Didn't foresee all this nonsense when I started to enjoy IT back in the younger days.<p>Wish I didn't see it now either. What a mess. Long live the petrodollar and killing other humans for a fiat currency.
Why not 0 seconds, instead of 0 days? I didn't think you can buy time anywhere, but why the gratuitous use of the “days” unit when the quantity is zero anyway?<p>Still, a gov't agency would surely pay plenty, even for nothing at all, so what's the going rate for “no time at all” these days?