this post was submitted on 03 Mar 2024
40 points (100.0% liked)

Cybersecurity

5662 readers
114 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago
MODERATORS
top 3 comments
sorted by: hot top controversial new old
[–] sugar_in_your_tea@sh.itjust.works 7 points 8 months ago (1 children)

On what grounds does Meta deserve the source code here? Unless Pegasus is considered a "derivative work," the most Meta should be able to demand is money.

[–] Ajen@sh.itjust.works 1 points 8 months ago (1 children)

They need to know how they were hacked so they can fix the vulnerability. NSO broke the law when they hacked whatsapp, it seems reasonable that they're forced to share details to prevent others from using the same method.

I'm wondering on what grounds is NSO allowed to keep the names of their co-conspirators (AKA clients) secret?

I think it's reasonable to require them to share details, but source code is a copyright issue and shouldn't be given up. I'm guessing the source has a lot more than just the one attack.

But yeah, I'm also surprised they're not obligated to reveal the names of anyone involved in planning or ordering the attack. Surely that could be subpoenad.