> I was thinking about phones, not servers. that doesn't change things too much, it does introduce some potential difficulties with intercepting certain types of traffic/input to the phone. The question just becomes who…
I completely agree, it i an enticing offer from Apple for the reason you lay out. Not all brokers are alike though, exploit survival is a gamble, but sensible end-buyers usually don't want to burn the exploits either so…
Harder than you might think. Who gets to control the server being compromised? 1. The buyer or someone the buyer trusts, then the buyer can log all the network traffic and find the incoming attack traffic and work out…
Reputation plays a big part in it on both sides. Most buys are not Zerodium and putting themselves out there as buyers. So, there is a certain degree of vouching that happens as someone introduces a buyer to a seller.…
> I was thinking about phones, not servers. that doesn't change things too much, it does introduce some potential difficulties with intercepting certain types of traffic/input to the phone. The question just becomes who…
I completely agree, it i an enticing offer from Apple for the reason you lay out. Not all brokers are alike though, exploit survival is a gamble, but sensible end-buyers usually don't want to burn the exploits either so…
Harder than you might think. Who gets to control the server being compromised? 1. The buyer or someone the buyer trusts, then the buyer can log all the network traffic and find the incoming attack traffic and work out…
Reputation plays a big part in it on both sides. Most buys are not Zerodium and putting themselves out there as buyers. So, there is a certain degree of vouching that happens as someone introduces a buyer to a seller.…