May 20, 2022

Huge news. The Feds won’t use the CFAA to go after security researchers, pinky promise! Very important caveat. The EFF is all over it. There are so many problems with this paper I’m not sure where to start. I guess I’ll start with the conclusion: they are correct. Many APTs use public vulnerabilities rather than 0day.

Read →