After WannaCry, US lawmakers introduced the Protecting Our Ability to Counter Hacking Act of 2017, or PATCH Act. If the bill gets passed, it would create a Vulnerabilities Equities Process Review Board where they would decide if a vulnerability, known by the government, would be disclosed to a non-government entity. It won’t be an easy law to iron out as they’ll need to find the right balance between vulnerability disclosure and national security.
After WannaCry, US lawmakers introduced the Protecting Our Ability to Counter Hacking Act of 2017, or PATCH Act. If the bill gets passed, it would create a Vulnerabilities Equities Process Review Board where they would decide if a vulnerability, known by the government, would be disclosed to a non-government entity. It won’t be an easy law to iron out as they’ll need to find the right balance between vulnerability disclosure and national security.
Meanwhile Shadow Brokers, the hacking group that leaked the SMBv1 exploit that led to WannaCry, announced that they would create a subscription-based business that would give paying members a monthly data dump of zero-days and exploits.
Grounded in our post WannaCry world, the Inside Out Security Show panelists – Cindy Ng, Mike Thompson and Kilian Englert – mulled over a popular philosophical keynote by Cory Doctorow, The Coming War on General Purpose Computing.
We closed out the show by discussing another potentially deadly attack, Adylkuzz and whether not they’d prefer an attack like ransomware that notifies them or a cryptocurrency miner that consumes resources from their system and they wouldn’t even know it.