Tuesday, 21 March 2017 11:03

Vault 7: Plans to expose firms that do not patch flaws

By Sam Varghese

Some organisations, such as the Mozilla Foundation, have received information from WikiLeaks to help them fix vulnerabilities in their products that were recorded in Vault 7, the CIA document dump released a fortnight ago.

WikiLeaks publisher Julian Assange said Google and some other companies had yet to respond beyond confirming that the offer had been made.

Assange held a press conference overnight on 10 March to offer to share unpublished data from Vault 7 with technology companies to enable them to fix vulnerabilities detailed therein.

During that conference, he also said that once the remaining material — which he said was a very large amount — had been vetted and critical details redacted, it would be released to the public.

In a statement issued on Friday, Assange said the companies that had been contacted had not agreed, disagreed or questioned what he termed WikiLeaks' standard industry disclosure plan.

The standard disclosure time for a vulnerability is 90 days after the person/company responsible for patching the software is given full details of the vulnerability.

Assange said most of the companies that were lagging behind in agreeing to the disclosure plan and receiving information about vulnerabilities from WikiLeaks "have conflicts of interest due to their classified work for US government agencies".

Many multinational technology companies in the US have big contracts with government agencies and departments. For example, Microsoft recently cut a deal with the Pentagon for Windows 10 installations.

Linux companies are also part of this mix: Red Hat Linux has contracts for its enterprise Linux with the NSA, which runs some of its spying software on the platform.

Even newspaper companies have ties of this nature: the owner of the Washington Post, Jeff Bezos, who is better known as the boss of Amazon, has a US$600 million contract to supply cloud services to the CIA.

Assange said that, in practice, associations such as these limited the ability of tech industry staff to fix security holes based on information that had been leaked from the CIA.

"Should such companies choose to not secure their users against CIA or NSA attacks, users may prefer organisations such as Mozilla or European companies that prioritise their users over government contracts," he said.

"Should these companies continue to drag their feet, we will create a league table comparing responsiveness and government entanglements so users can decide for themselves."

Cisco on Friday announced that 318 of its router models were at risk of a remote attack through a vulnerability detailed in the Vault 7 documents.

Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
