May 20, 2022

Huge news. The Feds won’t use the CFAA to go after security researchers, pinky promise! Very important caveat. The EFF is all over it. https://arxiv.org/abs/2205.07759 There are so many problems with this paper I’m not sure where to start. I guess I’ll start with the conclusion: they are correct. Many APTs use public vulnerabilities rather than 0day.

Read →