zlacker

[parent] [thread] 4 comments
1. schoen+(OP)[view] [source] 2019-07-02 17:01:10
I'm always confused when I hear this about why malware researchers don't obtain a huge trove of malware samples (and/or zero-day exploits) by obtaining some of these "gifts" and then connecting them to honeypot devices. If all you have to do to receive one is travel to China as an employee of a major U.S. company, they must be quite easy to get ahold of.
replies(3): >>yazan9+Yc >>codedo+Uu >>komali+Ww
2. yazan9+Yc[view] [source] 2019-07-02 18:17:42
>>schoen+(OP)
I imagine the average Joe working at MSFT/AAPL/GOOG/etc. doesn't get such gifts unless they are worth hacking - in which case I imagine the gift-givers would have done their due diligence. Also corporate policies can be pretty specific and strict regarding gifts to eliminate potential conflicts of interests.
replies(1): >>schoen+Hg
◧◩
3. schoen+Hg[view] [source] [discussion] 2019-07-02 18:37:38
>>yazan9+Yc
Due diligence about whether the gift recipient is likely to to use it personally rather than passing it along to a malware researcher?
4. codedo+Uu[view] [source] 2019-07-02 20:08:55
>>schoen+(OP)
Someone must have a lot of free time to do this instead of work.
5. komali+Ww[view] [source] 2019-07-02 20:23:06
>>schoen+(OP)
It is not a fun idea to travel to China as a malware researcher. You might get arrested for being involved in encryption at all, which to China means you were smuggling in anti-Party materials. Or, you might be arrested so you can be used as a pawn in a political game:

https://www.scmp.com/news/china/diplomacy/article/2189605/us...

[go to top]