Rocksolid Light



EFF And Other Experts Join in Pointing Out Pitfalls of Proposed EU Cyber-Resilience Act

<ufhsbb$22pqt$1@matrix.hispagatos.org>


https://www.novabbs.com/computers/article-flat.php?id=15475&group=alt.privacy.anon-server#15475

Path: i2pn2.org!i2pn.org!news.hispagatos.org!.POSTED!not-for-mail
From: rek...@hispagatos.org.invalid (rek2 hispagatos)
Newsgroups: alt.privacy.anon-server,alt.2600,alt.2600.madrid,hispagatos.talk,es.comp.hackers
Subject: EFF And Other Experts Join in Pointing Out Pitfalls of Proposed EU
Cyber-Resilience Act
Followup-To: alt.privacy.anon-server
Date: Tue, 3 Oct 2023 20:08:11 -0000 (UTC)
Organization: Hispagatos
Message-ID: <ufhsbb$22pqt$1@matrix.hispagatos.org>
Reply-To: ReK2 <rek2@hispagatos.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Date: Tue, 3 Oct 2023 20:08:11 -0000 (UTC)
Injection-Info: matrix.hispagatos.org;
logging-data="2189149"; mail-complaints-to="abuse@hispagatos.org"
User-Agent: slrn/pre1.0.4-9 (Linux)
 by: rek2 hispagatos - Tue, 3 Oct 2023 20:08 UTC

EFF And Other Experts Join in Pointing Out Pitfalls of Proposed
EU Cyber-Resilience Act.
--
The letter suggests to either remove this requirement entirely
or change the reporting obligation to be a 72-hour window after
patches are made and deployed. It also calls on European law-
and policy-makers to prohibit use of reported vulnerabilities
“for intelligence, surveillance, or offensive purposes.”
These changes would go a long way in ensuring security
vulnerabilities discovered by software publishers don’t wind
up being further exploited by falling into the wrong hands.

Separately, EFF (and others) have pointed out the dangers
the CRA presents to open-source software developers by making
them liable for vulnerabilities in their software if they so
much as solicit donations for their efforts.
The obligatory reporting mechanism and open-source liability
clauses of the CRA must be changed or removed. Otherwise,
software publishers and open-source developers who are doing
a public service will fall under a burdensome and undue liability.

For more information:
https://www.eff.org/deeplinks/2023/10/eff-and-other-experts-join-pointing-out-pitfalls-proposed-eu-cyber-resilience-act

Happy Hacking
ReK2
--
- {gemini,https}://{,rek2.}hispagatos.org - mastodon: @rek2@hispagatos.space
- [https|gemini]://2600.Madrid - https://hispagatos.space/@rek2
- https://keyoxide.org/A31C7CE19D9C58084EA42BA26C0B0D11E9303EC5

Re: EFF And Other Experts Join in Pointing Out Pitfalls of Proposed EU Cyber-Resilience Act

<e7d09beddf3d47278de5228a303f09f8@news.novabbs.org>


https://www.novabbs.com/computers/article-flat.php?id=15477&group=alt.privacy.anon-server#15477

Path: i2pn2.org!.POSTED!not-for-mail
From: retro....@rocksolidbbs.com (Retro Guy)
Newsgroups: alt.privacy.anon-server
Subject: Re: EFF And Other Experts Join in Pointing Out Pitfalls of Proposed EU
Cyber-Resilience Act
Date: Tue, 3 Oct 2023 20:21:21 +0000
Organization: Rocksolid Light
Message-ID: <e7d09beddf3d47278de5228a303f09f8@news.novabbs.org>
References: <ufhsbb$22pqt$1@matrix.hispagatos.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.org;
logging-data="159416"; mail-complaints-to="usenet@i2pn2.org";
posting-account="PGd4t4cXnWwgUWG9VtTiCsm47oOWbHLcTr4rYoM0Edo";
User-Agent: Rocksolid Light 0.9.1
X-Spam-Level: *
X-Rslight-Posting-User: 91053d4a47d51b416144568e5a1040f05e31ed1b
X-Rslight-Site: $2y$10$Y7b8wceC6RnGsZ2YBZPiu.If1WFCEaCVCxlEnpvqVYaJR.XOA4.jm
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on novalink.us
 by: Retro Guy - Tue, 3 Oct 2023 20:21 UTC

rek2 hispagatos wrote:

> EFF And Other Experts Join in Pointing Out Pitfalls of Proposed
> EU Cyber-Resilience Act.

> patches are made and deployed. It also calls on European law-
> and policy-makers to prohibit use of reported vulnerabilities
> “for intelligence, surveillance, or offensive purposes.”

So if they're not allowed to use these vulnerabilities themselves,
we can assume they would never do such a thing.

Thinking as an American, I just assume they want to be notified
right away for the very reason that they could then take advantage
of them.

--
Retro Guy

Re: EFF And Other Experts Join in Pointing Out Pitfalls of Proposed EU Cyber-Resilience Act

<cfe67510cce394dd66a1a098b92e4730@dizum.com>


https://www.novabbs.com/computers/article-flat.php?id=15478&group=alt.privacy.anon-server#15478

From: J...@M (D)
References: <ufhsbb$22pqt$1@matrix.hispagatos.org>
<e7d09beddf3d47278de5228a303f09f8@news.novabbs.org>
Subject: Re: EFF And Other Experts Join in Pointing Out Pitfalls of Proposed
EU Cyber-Resilience Act
Content-Transfer-Encoding: 7bit
Message-ID: <cfe67510cce394dd66a1a098b92e4730@dizum.com>
Date: Tue, 3 Oct 2023 23:30:59 +0200 (CEST)
Newsgroups: alt.privacy.anon-server
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!news.mixmin.net!news2.arglkargh.de!sewer!news.dizum.net!not-for-mail
Organization: dizum.com - The Internet Problem Provider
X-Abuse: abuse@dizum.com
Injection-Info: sewer.dizum.com - 2001::1/128
 by: D - Tue, 3 Oct 2023 21:30 UTC

On Tue, 3 Oct 2023 20:21:21 +0000, retro.guy@rocksolidbbs.com (Retro Guy) wrote:
>rek2 hispagatos wrote:
>> EFF And Other Experts Join in Pointing Out Pitfalls of Proposed
>> EU Cyber-Resilience Act.
>> patches are made and deployed. It also calls on European law-
>> and policy-makers to prohibit use of reported vulnerabilities
>> "for intelligence, surveillance, or offensive purposes."
>
>So if they're not allowed to use these vulnerabilities themselves,
>we can assume they would never do such a thing.
>Thinking as an American, I just assume they want to be notified
>right away for the very reason that they could then take advantage
>of them.

pacifists are powerless against activists

Re: EFF And Other Experts Join in Pointing Out Pitfalls of Proposed EU Cyber-Resilience Act

<87cc7d1b4e76bc5a95364ba5afc19046@dizum.com>


https://www.novabbs.com/computers/article-flat.php?id=15482&group=alt.privacy.anon-server#15482

From: J...@M (D)
References: <ufhsbb$22pqt$1@matrix.hispagatos.org>
Subject: Re: EFF And Other Experts Join in Pointing Out Pitfalls of Proposed
EU Cyber-Resilience Act
Content-Transfer-Encoding: 7bit
Message-ID: <87cc7d1b4e76bc5a95364ba5afc19046@dizum.com>
Date: Wed, 4 Oct 2023 19:32:24 +0200 (CEST)
Newsgroups: alt.privacy.anon-server
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!news.mixmin.net!news2.arglkargh.de!sewer!news.dizum.net!not-for-mail
Organization: dizum.com - The Internet Problem Provider
X-Abuse: abuse@dizum.com
Injection-Info: sewer.dizum.com - 2001::1/128
 by: D - Wed, 4 Oct 2023 17:32 UTC

On Tue, 3 Oct 2023 20:08:11 -0000 (UTC), rek2 hispagatos <rek2@hispagatos.org.invalid> wrote:
snip
>For more information:
>https://www.eff.org/deeplinks/2023/10/eff-and-other-experts-join-pointing-out-pitfalls-proposed-eu-cyber-resilience-act

(using Tor Browser 12.5.6 <https://www.torproject.org/> to open this link):
https://www.eff.org/deeplinks/2023/10/eff-and-other-experts-join-pointing-out-pitfalls-proposed-eu-cyber-resilience-act
>EFF And Other Experts Join in Pointing Out Pitfalls of Proposed EU Cyber-
>Resilience Act
>By Bill Budington and Eva Galperin
>October 3, 2023
>Today we join a set of 56 experts from organizations such as Google,
>Panasonic, Citizen Lab, Trend Micro and many others in an open letter calling
>on the European Commission, European Parliament, and Spain's Ministry of
>Economic Affairs and Digital Transformation to reconsider the obligatory
>vulnerability reporting mechanisms built into Article 11 of the EU's proposed
>Cyber-Resilience Act (CRA). As we've pointed out before, this reporting
>obligation raises major cybersecurity concerns. Broadening the knowledge of
>unpatched vulnerabilities to a larger audience will increase the risk of
>exploitation, and software publishers being forced to report these
>vulnerabilities to government regulators introduces the possibility of
>governments adding it to their offensive arsenals. These aren't just
>theoretical threats: vulnerabilities stored on Intelligence Community
>infrastructure have been breached by hackers before.
>Technology companies and others who create, distribute, and patch software
>are in a tough position. The intention of the CRA is to protect the public
>from companies who shirk their responsibilities by leaving vulnerabilities
>unpatched and their customers open to attack. But companies and software
>publishers who do the right thing by treating security vulnerabilities as
>well-guarded secrets until a proper fix can be applied and deployed now face
>an obligation to disclose vulnerabilities to regulators within 24 hours of
>exploitation. This significantly increases the danger these vulnerabilities
>present to the public. As the letter points out, the CRA "already requires
>software publishers to mitigate vulnerabilities without delay" separate from
>the reporting obligation. The letter also points out that this reporting
>mechanism may interfere with the collaboration and trusted relationship
>between companies and security researchers who work with companies to produce
>a fix.
>The letter suggests to either remove this requirement entirely or change the
>reporting obligation to be a 72-hour window after patches are made and
>deployed. It also calls on European law- and policy-makers to prohibit use of
>reported vulnerabilities "for intelligence, surveillance, or offensive
>purposes." These changes would go a long way in ensuring security
>vulnerabilities discovered by software publishers don't wind up being further
>exploited by falling into the wrong hands.
>Separately, EFF (and others) have pointed out the dangers the CRA presents to
>open-source software developers by making them liable for vulnerabilities in
>their software if they so much as solicit donations for their efforts. The
>obligatory reporting mechanism and open-source liability clauses of the CRA
>must be changed or removed. Otherwise, software publishers and open-source
>developers who are doing a public service will fall under a burdensome and
>undue liability.
[end quote]

"experts from organizations such as Google" . . . so how are they communicating
with specters of this titanic ghost ship, holding a seance using a ouija board?
("Google Groups" is the no.1 biggest spammer of Usenet newsgroups in the world)

