5 comments

[ 3.0 ms ] story [ 19.5 ms ] thread
Tbh I think that a major nation state’s national security agency should probably run something like this (publicly, with open source) and see if it’s a good tactic for use in the future against major bugs. They should also not use it to gain a foothold in their networks, but show that their defensive mission matters.

It’s not really possible for a private company to do this kind of thing, but I think a state security agency could.

How would you audit that their server is actually executing the open-source code that they say they are? The incentive for said server to, in certain cases or when detecting certain networks, also install a silent and subtle payload for future backdoor access (which every nation state has in its back pocket for a moment like this) is phenomenally high.
Not to mention that any decent network firewall with up-to-date signatures would probably just end up blocking the “patch.”
You wouldn't. Just like there's nothing to guarantee they're not using this exploit right now as we speak.
Note that in some legislations it may be illegal to use this against other people's systems without their consent.

As long as it doesn't break stuff i guess you are unlikely to be sued.