TWIG 621: Put Another Lettuce on the Barbie

What’s with the lack of links in the show notes? (And looking at other shows, it seems to be a growing trend.)

I use Google bookmarks a lot, and I hadn’t heard anything about them going away until this show. But there isn’t a link to the story so I’ll have to search it out. (And yes I’m lazy.) :roll_eyes:

In response to @JeffJarvis’s devil’s advocate role, regarding who is actually affected by the exploits, and it is “only” 55,000…

It is only 55,000 today, that we know of. How many others were affected by NSO Pegasus, without them being on the leaked list?

Also, do we know that other groups also don’t have access to these zero days? (Did the person who found it sell it to multiple bad actors? Or have other bad actors discovered it for themselves?)

We really should hold these companies (operating system manufacturers, hardware manufacturers and application writers) to the highest standards. We know the world is full of bad actors, so doing “just enough” to make it irritating for bad actors isn’t really enough.

If you know your libraries are buggy as hell (e.g. Apple media libraries used by iMessage), by all means put in a temporary shim (e.g. BlastDoor) to give yourself time to do the job properly; anything is better than nothing in the short term. But praising the shim as a solution to the problem is wrong; it isn’t a solution, it is, at best, a temporary fix. Doing the job properly should be the only acceptable solution.


Well let’s be clear here. If it’s not okay to build a function into the OS to allow official government actors to simply activate it to monitor you (aka a back door) then it’s not okay for anyone who isn’t the OS supplier to find/build their own.


The problem is, criminals don’t care what they should or shouldn’t be allowed to do. That means it falls on the people making the system to use everything at their disposal to make it as safe as possible.

It is like saying nobody needs seat belts or airbags, because people have to obey road laws, but there are still idiots who drive on the wrong side of the road or fail to stop for a red light…


THIS so much. We don’t know who else found the same exploit or what their or their customers’ motives are. So we should treat this as the red flag it definitely is.