
Several security teams do this. Project Zero and its various researchers have been thumbing their noses at software companies for a long time.

The Cellebrite hack is not a shocking thing; similar demonstrations have been done for other digital forensics, IDS/IPS systems, and others over the last 20 years (longer?).

This notion that directly and clearly calling out your adversaries' deficiencies is unprofessional or a risk is kind of asinine, whether it's another business like Cellebrite, or ongoing government overreach in support of mass surveillance, or specific cases of investigation.

Failing to call them out leaves room to imply agreement with their tactics and practices.



Project Zero tries to improve security for the public and in ways that directly or indirectly affect Google, as do many other hackers, by informing the public of risks and by pressuring developers to be more diligent and to fix specific vulnerabilities.

I don't see Signal's recent blog post as trying to pressure Cellebrite to improve their security. And the fact that other people do something isn't evidence of good judgment - other people can be stupid, and your circumstances are your own. Moxie doesn't work for possibly the most well-resourced security organization in the world (maybe outside the NSA), and he's not some independent hacker: he has a company, a product, and the privacy of millions of people that he has taken responsibility for - it's like having kids: you don't get to think of just yourself anymore, ever.

> asinine

At least you take your own advice.


That said, the Cellebrite hack scratched an old-school itch that hasn't been scratched in a while, in a time when in-person security cons, where some of those demos happen, haven't been happening :)



