Israeli firm can steal phone data in seconds (phys.org)
225 points by chang2301 on Nov 23, 2016 | 104 comments



"But privacy and rights activists worry such powerful technology can wind up in the wrong hands, leading to abuses."

Am I to believe that this firm is the right hands? Or government? Please...all hands are the wrong hands. These vulnerabilities need to be closed. I wouldn't be surprised if the NSA or some other government tentacle was paying them not to make whatever they found known.

Gee, I sound paranoid. What am I thinking, our government would never do that. Oh wait... http://www.reuters.com/article/us-usa-security-rsa-idUSBRE9B...


Actually Cellebrite themselves have been the victim of some kind of hack last month and had a load of their internal documents leaked online. So no, if anything, this firm is _not_ the right hands.


Any place which hoards 0-days is a prime target. Even if they are considered to be the "right hands", the "wrong hands" could grab those exploits eventually.


When the target holds a lot of $1 million dollar 0-day exploits, the target is worth hacking into.


The only "right hands" for a 0-day exploit is the device manufacturer.


And even then, only some manufacturers.


> I wouldn't be surprised if the NSA or some other government tentacle was paying them not to make whatever they found known.

It looks like you are unsure, so let me clarify.

There really are companies whose only business is to find and sell vulnerabilities to states. (Whether it's exclusive is just a matter of negotiations).


Most US "charity" ends up in Israel too. Best to think of them as if they were an entirely US-funded university you then have to pay to use the services of.


[flagged]


People don't favor gun control because they're eternal optimists about the government's benevolence, that is a ridiculous straw man. Generally people favor gun control because -- to use the same language -- they are not eternal optimists about the benevolence of their fellow citizens who sometimes murder large groups of innocents.


If they bothered to crack a history book, of course, they'd come to understand that on a long-enough timeline, they're most likely to be shot by their own government, military, or police forces.

But of course, That Can't Happen Here, because We're Special. (How many times have you heard that schtick lately?)

After that, the person most likely to shoot you is a fellow criminal that you're either associated with or competing with, such as a rival gang member.

Then comes suicide and firearm-related accidents.

Everything else is just so much statistical noise.

Meanwhile, the American left's inexplicable insistence on gun control as a key platform element continues to cost them elections they otherwise could have won handily.


I don't even know where to start.

Do you have any sources on your first claim? Or on your other claims? Also, gun control costs elections that would otherwise be won handily? With so much going on on this last election, do you think the barely discussed topic of gun control was the single most important topic to blame for an election that could otherwise have been won, and won handily? Would you have Hillary be against gun control, offering the majority of people that favour it no major candidate reflecting their beliefs?


> I don't even know where to start.

But you're going to anyway, right?

> Do you have any sources on your first claim?

I'm not your personal reference librarian, but you might start with a few of the more reader-friendly popular accounts and see where your interests take you. Solzhenitsyn's The Gulag Archipelago is worthwhile; also Milton Mayer's They Thought They Were Free, and perhaps Ma Bo's Blood Red Sunset. The idea behind recommending these particular books is that they helped me move past the special pleading fallacy that is American exceptionalism ("It can't happen here.")

Hopefully others can point you toward some similar books on the Armenian, Cambodian, Rwandan, and other 20th century genocides, as I'm not as familiar with them.

All told, you'd have to cite about 100,000,000 civilian gun deaths to catch up with the records set by modern governments who weren't as afraid of their citizens as they should have been. It's going to take a lot of Columbines and Sandy Hooks to rack up that kind of score.

> Would you have Hillary be against gun control, offering the majority of people that favour it no major candidate reflecting their beliefs?

Yes. It's not as if removing gun control from the Democratic platform would send those voters into the arms of the Republicans.


> All told, you'd have to cite about 100,000,000 civilian gun deaths to catch up with the records set by modern governments who weren't as afraid of their citizens and subjects as they should have been.

Yep, the thing that's going to scare the United States government out of killing its citizens is them armed with arsenals of M-16's against their… F-22s, B-52s, carrier groups, and tanks.

My goodness, this is an absolutely absurd argument, made more absurd by the lack of realization of how absurd it is. That it keeps being harped on by gun control opponents does their argument no favors. The government will not be afraid of guns should they come after their citizenry. The police literally have tanks. The only thing guns do is make one less afraid of one's government if one fails to comprehend the absolutely beastly military power that it can bring to bear against one were it to decide to do so.

In fact, the only thing protecting one from the government deciding to crush one with a single well-placed smart bomb is… Well, it turns out it's permeating the culture with “It can't happen here”, to the point where the military itself believes that such a thing happening here would be utterly unacceptable. Only when the system itself culturally considers it verboten is there any hope of the immense military might the government possesses not being turned against its citizens. Barring that, the guns will be a fun thing for the military to play with after a sniper takes a rebel's head off.

Your assertion (in this particular comment, not the original one) is, gun rights will deter the government from attacking its citizens. To support that, citing books that show the government attacking its citizens is insufficient. Present a book that shows that a government was prevented from attacking its citizens because they were armed. Then perhaps the posited argument can be considered more than a delectable fiction to make one feel in control.

(Gun control, by the way, is tangential to the question of how absurd this particular argument is. Maybe it's a good idea, maybe it's a bad idea, but it's certainly not a bad idea because the government is afraid of folks with guns.)


That's one opinion. Asymmetrical warfare amounts to another opinion. The Afghan mujahedeen, the Taliban, Al Qaeda, ISIS, and the Viet Cong can tell you more about that sort of thing. So can various warfighters with more formal credentials, from Sun Tzu Wu to Paul Van Riper.

It's hard to fight a guerilla war with tanks, carriers and stealth bombers. Some of those folks will probably outlast the US government at the rate we're going.

> Present a book that shows that a government was prevented from attacking its citizens because they were armed.

This is like claiming that the Y2K bug would have been no big deal if we hadn't spent millions of dollars preventing it from popping up, or that polio would have gone away on its own if Jonas Salk had slacked off. It's a bit of an unfair demand.

> Well, it turns out it's permeating the culture with “It can't happen here”, to the point where the military itself believes that such a thing happening here would be utterly unacceptable

Before digging into Mayer and Solzhenitsyn, try some Zimbardo and Milgram. Their work was flawed but also very revealing. (Spoiler: if someone refuses to commit an atrocity for you, all you have to do is ask the next guy in line.)


If the US government decided to attack its own citizens on American land, I'd expect they wouldn't be too worried about waging a humane war. So perhaps the more educational recent example here is Aleppo. The rebels haven't lost... But the cost is most definitely not heaviest on the Syrian government.

As for the Y2K/polio analogy... I'm not really following, to be honest. You make an extraordinary assertion ("guns prevent governments from waging war on their people") that's arguably provably false (Colombia should be example enough that an armed and organized force is hardly sufficient to prevent the government's continued attack---at best it ensures a split nation and years of warfare and strife). You present readings that show governments have waged war on an unarmed citizenry as proof that they won't wage war on an armed citizenry, but that's not proof---it's just not disproof. You can say that it's impossible to prove it (because it's a negative), but then all you can do is disprove it (which I'd say the world has already done).


I hear what you're saying, don't get me wrong. It sounds like you're in a better position to comment on the situation in Colombia if nothing else. But we're both playing some simplistic hands here. As soon as other players turn a local conflict into a proxy war -- as the Russians and US are in danger of doing in Syria and as the US drug warriors have done in Colombia -- life gets more complicated. Still, I'd argue that you're better off in such situations if you haven't delegated all of the responsibility for protecting yourself and your family and property to a government who may or may not have other interests in mind.

Even the American Revolution was basically a proxy war between England and the continental powers, for that matter. But when the dust settled, you didn't see the French moving in to claim their just rewards. As the apocryphal quote credited to Yamamoto goes, "There would be a rifle behind every blade of grass." We were then, as we are now, more trouble to mess with than we're worth.

That's the kind of relationship that many American citizens like to maintain with their own government. I don't see that as a bad thing.


I find the asymmetrical warfare argument…weird. Afghanistan as a nation has been in a state of massive system failure for decades. Is that really the hope guns offer? “If the government goes ballistic, our guns will ensure we end up like Afghanistan”?


For 2500 years their way of life has survived Alexander the Great, the Sassanids, Genghis Khan and the mongol hordes, the USSR, and possibly the United States. In that same time many other peoples have ceased to exist entirely.

We may hold different values but we can learn from their longevity and resistance.


What's wrong with Afghanistan? They are still free after a number of massive invasions.


"Afghanistan is an impoverished least developed country, one of the world's poorest because of decades of war and lack of foreign investment. As of 2014, the nation's GDP stands at about $60.58 billion with an exchange rate of $20.31 billion, and the GDP per capita is $1,900. The country's exports totaled $2.7 billion in 2012. Its unemployment rate was reported in 2008 at about 35%. According to a 2009 report, about 42% of the population lives on less than $1 a day."

"A January 2010 report published by the United Nations Office on Drugs and Crime revealed that bribery consumed an amount equal to 23% of the GDP of the nation."

What's wrong indeed.


I don't think that Afghanistan makes a good citation for any side of a general argument about gun control policy in the US. Like s_m_t said, their geopolitical milieu is just too different to be relevant. (I'm tempted to say the same of their culture, but I don't really believe that, having grown up in a Bible Belt state.)

However, the Afghan example does effectively rebut shadowfiend's specific point about guerilla warfare being ineffective against a superpower. They call Afghanistan the "Grave of Empires" for a reason, and it's not because they have a really awesome regular army.

Now, in defense of shadowfiend, it's easy to show that he or she is wrong historically, but I suspect that technological development is beginning to favor state power. Guns or no guns, to be an effective guerilla you have to be able to blend in. But you can't really hide anymore... not in the jungles, not in caves, not in the streets and alleys and suburbs and slums, and not in cyberspace. I guess that's sorta our fault.


"Yep, the thing that's going to scare the United States government out of killing its citizens is them armed with arsenals of M-16's against their… F-22s, B-52s, carrier groups, and tanks."

Do not underestimate guerrilla warfare. There are many examples in history when a small, armed group managed to resist huge regular armies for years, decades or even achieve victory. See Afghanistan for example: two biggest military powers on the entire planet (USSR, NATO) failed there. Bombers and tanks won't be very useful against small, mobile groups of fighters, especially in urban environment, unless you are going to raze everything to the ground (like Chechnya or Aleppo).


The reason a small guerilla may 'win' over a large power is simply (IMHO) because the success criteria are different.

The large power needs to eradicate the guerilla (preferably without too much collateral damage in the population the guerilla is hiding in, as that would - in addition to being plain wrong - increase recruitment to said guerilla).

The guerilla simply needs to not be eradicated. As long as it exists in any meaningful sense, it will tie up vast resources for the adversary.

Or, phrased simply - the large power needs to win to win. The guerilla needs to not lose to win.


You should read up on.... well, the war in Afghanistan, the war in Iraq, and the Vietnam war.


> Yep, the thing that's going to scare the United States government out of killing its citizens is them armed with arsenals of M-16's against their… F-22s, B-52s, carrier groups, and tanks.

That's a red-herring though because it doesn't describe an ethnic cleansing.

In an ethnic cleansing police move house to house, dragging the unwanted people into the street. In that scenario, small arms are effective in slowing or stopping the problem, at least long enough to receive foreign aid, etc.

> The only thing guns do is make one less afraid of one's government if one fails to comprehend the absolutely beastly military power that it can bring to bear against one were it to decide to do so.

They probably won't be bombing many cities because they see themselves as ruling that area. (Even in Syria, the dictator isn't using building-levelling bombs very much because he wants to take the city back.)

The situation for those in Aleppo is horrible but if they weren't fighting back they'd all be dead in a ditch already.

> Gun control, by the way, is tangential to the question of how absurd this particular argument is. Maybe it's a good idea, maybe it's a bad idea, but it's certainly not a bad idea because the government is afraid of folks with guns.

No, that's not what history shows. Gun control (a lack thereof) wouldn't have changed the course of our wars, but would have changed the genocides. Scapegoats are only valuable if they're weak.


Liberal segment of the population checking in; that's a complete strawman - we're in favour of gun control because we don't trust our fellow citizens to be responsible with them, NOT because we trust the government.

Regarding state vs federal control; I think you'll be surprised how many liberals are happy with individual states de-criminalizing marihuana and such, there's actually a lot of agreement with libertarians regarding government power amongst many liberals.

Many of us are concerned about abuses of state power to roll back progress on abortion, teaching evolution, secularism etc. and I don't know your political leanings, but I suspect you'd agree with a lot of these, weren't it coming from the....pfff...liberals - they can never be right, can they?


> Many of us are concerned about abuses of state power to roll back progress on abortion, teaching evolution, secularism etc.

The problem is that you can't pick and choose. If you want limited federal government you have to protest just as loudly against Common Core (federal involvement in education), gun control, environmental action, etc. And the same applies with regards to executive overreach - re: border control and immigration policy.

I think you may be surprised to realize that many conservatives (obviously it depends who we're talking about) will gladly ally with you to prevent both of these, but unfortunately no one on the left was willing to do anything as long as they held the reins of power. I only hope that now that Republicans are in charge, conservatives will not get too giddy with power (and I think there is hope).

Limited government and constitutionalism are the only way to ensure an even balance, and prevent the other 51% (give or take) of the country from forcing their views down your throat.


> The problem is that you can't pick and choose.

This is absolutely false. Governments throughout the world can have extreme levels of control over certain aspects of life while being powerless in others, due in no small part to the willingness of people to accept this control, culturally and politically.

Germans are big on effective bureaucracy and a social safety net that works, yet they're some of the biggest sceptics in privacy, to the point where most people use cash for most transactions.

Americans have a complete unwillingness for a unified ID to the point where all states have to improvise with drivers' licenses and other forms of ID which are not uniform and imperfect next to most other countries' ID cards. Again it's a cultural issue.

Even though most of the state's power comes through the form of silent bureaucracies, people's willingness to accept that power always factors in. If people care enough, the state just can't push on with certain things.


The tone and word choice in this post throws into stark relief the enormity of what you don't understand about left-leaning people.


What I understand is that nobody should fear a state monopoly on violence more than the left.

What I don't understand is why they don't understand that.


>What I don't understand is why they don't understand that.

Propaganda. Miseducation. Appeals to emotion. The usual totalitarian work. But don't think these tactics only work on the "left". We're all being played.


my only regret is that I have but one vote to give. bravo.


What they understand, that you don't, is that arms are not the only means to resistance and that they are not a particularly effective one at that.

Furthermore they are watching the Black Lives Matter movement (which you apparently have never heard of) and how the 2nd Amendment Crowd (not all, but probably most) is responding by expressing their support for state violence.

Personally I'm not a fan of gun control (guns are overrated) but I also laugh at suggestions like yours in light of how subservient and ingratiating the 2nd Amendment zealots are towards the police and military.


"Could you do anything to deprive them from throwing a stone at someone or from driving a car and running over people?

"You can't blame the car manufacturer at that point for delivering a car that was utilised to commit that kind of crime," he said.

This is specious reasoning. The point of a car is not to run over people; it's to go from point A to point B. This technology, on the other hand, has only one purpose: to break into cellphones.


I think it's an important distinction. The crime is in how it's used, not in the technology itself. Banning the tech outright only affects actors who are willing to follow the law. So banning this tool would mostly limit white hats.

The same principle applies to gun rights for example. The gun itself isn't the problem, it's how someone chooses to use it. (self defense vs crime). Nobody is an absolutist here, everyone draws the line somewhere slightly different.

Outlawing the tech ensures that good guys lose the arms race every time.

When I say good guys I don't necessarily mean the government. I mean anyone out there who is not using the tech for malicious intent. People using guns for self defense, breaking into an encrypted device to solve a crime, or retrieve lost work etc.

This keeps the focus on improving the actual technology (encryption). Rather than just banning law abiding citizens from taking part.


A classic example of attacking the straw man.


There can be good reasons to break into cellphones, just like there can be good reasons to have a lock pick.

Our problems stem from overfunded and underregulated intelligence agencies, not from the tools they use.


I think you're misunderstanding that quote.

He's saying (if I understand correctly, it's awkwardly phrased) that his company sells only to a small number of clients who are all regimes (meaning states). There are only a handful so he can vet them and demand commitments that the technology will only be used for good.

Plenty of other reasons to disagree. But, he is basically agreeing with you that this technology should be treated as a dangerous weapons-like thing and controlled in the way the sale of advanced weapons is controlled.


"Ben-Peretz said the company vets clients and always respects local laws, but the governments are primarily responsible."

Just following orders and the local laws...


Regarding the iPhone 5c, the attack from Sergei Skorobogatov is very interesting.

"The bumpy road towards iPhone 5c NAND mirroring" - https://arxiv.org/abs/1609.04327

And the video:

https://www.youtube.com/watch?v=tM66GWrwbsY


It goes without saying - don't make this easy for them (or anyone). Use a strong alphanumeric password on your mobile devices. It's annoying and inconvenient until it saves your ass - there is still no "fast" way to crack a password like "My 42nd spaceship had 4 hearts of gold.", but it's not that difficult for your brain to remember.

Fingerprint unlock can save you some of the PITA of typing it - just be sure you power off your device when you have even the slightest chance of encountering an actor that could seize your mobile device - that way the passphrase will be required.


It's not that hard to remember, but some sites (my last encounter was paypal) still insist on truncating passwords to a certain length. It's not much fun having to remember "My 42nd spacesh".


Paypal and other websites are not mobile devices. Using a high-entropy random password is still a best practice with those, and many of us recommend a (database or deterministic) password manager.


Another interesting point they mention is "recovering years long deleted texts." Consider the filesystem your phone uses for volumes it's writing data to and how it (probably just) unlinks files when deleted... [edit] and I should add a 'factory reset' will probably just write a new filesystem table over the old on disk without wiping anything on most devices


On devices with full-disk encryption (such as iPhones made in the past few years), a "factory reset" is equivalent to scrambling the entire disk. This is because it securely erases the keys that were used for all the data on the disk, and without the keys, all that data is effectively random garbage.


What about doing a factory reset, then use the 'encrypt device' option, then doing another factory reset. Would that provide an extra measure?

Unless, of course, the data in its final state before the final factory reset is un-encrypted.


Of course it depends on the phone. Many Qualcomm based Android devices seem to have had their Full Disk Encryption scheme broken at the moment [1], for example. But either way, if your disk encryption scheme doesn't fully wipe the disk before use, then any data that ever hit the disk unencrypted could still possibly be sitting there until its physical blocks are consumed (or could be in a cache somewhere). Again this also depends on the hardware, in this case the storage hardware itself. SSDs using TRIM can wipe unused, unencrypted blocks for example in some scenarios. Who knows about the particular functioning of some SD type controller in a phone or even the card's own embedded OS [2].

I would say if you have data on your smartphone you don't want recoverable at rest, take module0000's advice, then also use encryption, and then also use a multi-pass wipe tool on particular files. Of course all of this could still not work.

For example, I'm not sure what the forensic ramifications of a seemingly more complex filesystem like APFS will be in the near future when it hits iOS.

[1] https://bits-please.blogspot.com/2016/06/extracting-qualcomm...

[2] https://www.bunniestudios.com/blog/?p=3554


Actually, after re-reading your scheme it doesn't sound too bad either... the main problem would seem to be then if the encryption was fundamentally broken (ie: if the encrypted bits are recoverable after the second factory reset and could then be decrypted)
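
Added example (not part of the thread and not written by any commenter): a small Python simulation of the three cases raised in the comments above, namely unlink-only deletion, a factory reset that destroys the encryption key, and encryption enabled after plaintext already reached the storage. `SimVolume`, `keystream_xor` and the sample message are constructed for illustration, and the SHA-256 keystream is a toy stand-in for a real disk cipher.

```python
import hashlib
import os

# Constructed sample data standing in for a "deleted text message".
SMS = b"SMS 2014-03-02: constructed sample message"
NEW = b"note written after encryption was enabled"


def keystream_xor(key: bytes, offset: int, data: bytes) -> bytes:
    """Toy stand-in for a real disk cipher: XOR with a SHA-256
    counter-mode keystream addressed by byte offset. Illustration only."""
    out = bytearray()
    for i, byte in enumerate(data):
        pos = offset + i
        block = hashlib.sha256(key + (pos // 32).to_bytes(8, "big")).digest()
        out.append(byte ^ block[pos % 32])
    return bytes(out)


class SimVolume:
    """Hypothetical model of phone storage: raw bytes plus a file index."""

    def __init__(self, encrypted: bool):
        self.raw = bytearray()   # what a chip-level dump would return
        self.index = {}          # name -> (offset, length, was_encrypted)
        self.key = os.urandom(32) if encrypted else None

    def enable_encryption(self) -> None:
        # Assumption: only future writes are encrypted; old blocks are
        # neither converted nor wiped.
        self.key = os.urandom(32)

    def write(self, name: str, data: bytes) -> None:
        off = len(self.raw)
        stored = keystream_xor(self.key, off, data) if self.key else data
        self.raw += stored
        self.index[name] = (off, len(data), self.key is not None)

    def read(self, name: str) -> bytes:
        off, n, enc = self.index[name]
        blob = bytes(self.raw[off:off + n])
        return keystream_xor(self.key, off, blob) if enc else blob

    def delete(self, name: str) -> None:
        # Unlink only: the index entry goes away, the bytes stay.
        del self.index[name]

    def factory_reset(self) -> None:
        # New file table; on an encrypted volume the old key is destroyed
        # and replaced. Raw blocks are not overwritten in either case.
        self.index.clear()
        if self.key is not None:
            self.key = os.urandom(32)

    def raw_dump(self) -> bytes:
        return bytes(self.raw)


def scenario_unlink_only() -> bool:
    """Unencrypted volume: delete, then factory reset. Is the SMS in the dump?"""
    vol = SimVolume(encrypted=False)
    vol.write("sms.db", SMS)
    vol.delete("sms.db")
    vol.factory_reset()
    return SMS in vol.raw_dump()


def scenario_crypto_erase() -> tuple:
    """Encrypted from first write: the reset destroys the key."""
    vol = SimVolume(encrypted=True)
    vol.write("sms.db", SMS)
    assert vol.read("sms.db") == SMS      # readable while the key exists
    vol.factory_reset()
    dump = vol.raw_dump()
    # Neither the raw dump nor a decrypt with the post-reset key yields the SMS.
    return (SMS in dump, keystream_xor(vol.key, 0, dump[:len(SMS)]) == SMS)


def scenario_late_encryption() -> tuple:
    """Plaintext hit the storage before encryption was turned on."""
    vol = SimVolume(encrypted=False)
    vol.write("sms.db", SMS)
    vol.enable_encryption()
    vol.write("new.db", NEW)
    vol.factory_reset()
    dump = vol.raw_dump()
    return (SMS in dump, NEW in dump)


if __name__ == "__main__":
    print("unlink only, SMS recoverable:", scenario_unlink_only())
    print("crypto erase (in dump, decryptable):", scenario_crypto_erase())
    print("late encryption (old SMS, new note):", scenario_late_encryption())
```

In this model the reset-encrypt-reset sequence asked about above behaves like the third scenario: the second reset protects only what was written after encryption was enabled.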


This is completely off-topic, but can we take a moment and recognize how fantastic it is that the article has a picture of a hacker's desk with an assortment of mobile devices like: a calculator, 3 bluetooth mice, and a stapler?!


It will be interesting if Apple went after Cellebrite under the DMCA anti-circumvention clauses. I would laugh if their product became illegal in the United States.


Probably not, it's an Israeli firm.


Any sales to US firms could be curtailed or punished.

Just like security itself - the goal is to provide enough barriers so predators go looking elsewhere for easier prey.


> Any sales to US firms could be curtailed or punished.

That doesn't really restrict the NSA, CIA, FBI or any other agency/PD from buying their services. After all, that's what "black budgets" are for.


Most of these firms use private contractors to do the dirty work. Unless contractors can bypass legal oversight, they'll be constrained as well.


Overseas contractor hired by a shell corporation gets the phone sent outside of the US. Boom.

All this assuming they even care about legal compliance, which I am sure that under the correct circumstances it won't matter one bit.


Israel has a trade agreement with the US so DMCA is at the least partially enforced, most trade agreements have a bilateral enforcement of trademark and copyright protection laws.

Israel is also a member of the WTO so there is that avenue also.


Pretty much my reasoning too.


So we have learned that some phone vendors give Cellebrite their phones before they reach market in order for them to discover and exploit vulnerabilities. Apple refuses to do business with these 'forensic' criminals.

Do not purchase a phone from a vendor that engages in this unethical practise.


Cellebrite got its start with the UME, a phone memory transfer tool for carriers' (POS and support). Carrier-oriented tools are a major part of its operations, though there have been some talks about spinning this off to a separate company.

Cellebrite gets early access to phones NOT due to its forensics operations, but for UME, since carriers (and that's lots(!) of carriers worldwide) are very much interested in good consumer experience on the devices' launch day.

I actually doubt it's been particularly significant to its forensics operations.


You'd think if they could crack the latest iPhone/iOS they'd crow about it.

The article seems to paint it as a "we're confident we could" - which seems bizarrely vague. Why would they do that when they claim they can crack an LG G4 wide open?


This is a good point. But I am not sure they have demonstrated that they can crack a G4 wide open. They were able to access DCIM folder, which is very accessible by design. Even if they were able to bypass whatever protection this folder has ("password was disabled"), it is still far from wide open.

They might be able to do what they claim, but not much was actually presented.


From the article:

> Ben-Peretz remains confident his company can crack even the newest iPhones.


The next line in the article:

> "iOS devices have strong security mechanisms that give us a challenge, but if anyone can address this challenge and provide a solution to law enforcement, it is Cellebrite," he said, referring to Apple's operating system.

This makes it sound like Cellebrite actually cannot currently crack the latest phones running iOS 10, but the CEO is merely expressing his belief that they'll figure out how to do it. See how he's not saying "we can do it", but instead he's saying "if anyone can do it, it's going to be us".


I wonder, if Ben-Peretz and his checks 250 researcher team can crack checks 150 phones a month what is stopping the <scary US government agency>/<Chinese equivalent>/<Russian equivalent> from forming a 2,500 researcher team and doing the same?

It's not like there's a shortage of relevant skills in the US (supposedly responsible for stuxnet) or Russia.

Or is it just that <scary government agency> doesn't want to share its toys with <local police>?


Ah well, with Mediatek based phones it's pretty easy - you can readback the whole storage once you have its partition map from a rooted device, or you know the size of its flash chip and figure out the partition bounds later.

Dunno about the situation with other phones but given that many cheap Androids run Mediatek, it's not very difficult to claim a huge number of "crackable phones".

The only thing that should protect you from any kind of government snoops is encrypting your phone with a strong passphrase and shutting it off once you leave a room taking the cops less than 30 seconds to enter.


Does encryption defeat this? If not how are they getting the key from memory?

Does encryption defeat this when the device is off? If not what flaws exist in the encryption schemes?


I was wondering the same thing. If the data on the flash ram chip is not encrypted then worst case you just de-solder it and connect it to another computer and dump the data, I think I have seen that demonstrated someplace before. But I guess if they are using the user's password you can just use password cracking.


Encryption could help but eventually exploits can beat anything.


Exploits are just ways to leverage those flaws. We have systems with no flaws for some older tech. Eventually we will fix this one too.


On a similar note, back when cell phones were just getting started, I started parsing the ownership of the cell towers. I noticed an unusually high correlation of Israeli companies owning them (back before the phone companies themselves really started investing in them). Now think about the purpose of an IMSI catcher/stingray. The Israelis seem to be on the edge of cybersecurity across the board. I know while in Iraq I got lots of training that was decidedly sourced from Israel too.

All that being said, Israel is also known as being just as active if not moreso than Russia and China in their espionage against the US. I think that's also worth considering.


Any specific resources/links re: that final comment? Not something I've ever read about, although I could imagine.. Not discrediting your statement, genuinely curious.



Cheers!


Confused why they didn't demo it breaking a modern iPhone instead of a random Android device.


Probably because they couldn't? Far easier to show off a random Android handset.


They probably chose the device they have the best success cracking. I wonder what phone they used ... checks ... LG G4 ... damn it, that's my phone.


> Among the data the firm claims to be able to access are text messages deleted years previously.

Among all the claims this one seems like it might be one that holds up with very recent iOS/Android releases. It would be interesting to find out whether they rely solely on the encryption to protect the deleted messages and whether overwriting the data would be thwarted by flash device wear-leveling indirection.


Sounds like an Apple advertisement.


And the good kind of advertising, because it's accurate. Apple did the hard engineering work across their entire software and hardware stack because they knew it was important.

They didn't settle for good enough.

They didn't weasel out of it by blaming "ease of use" concerns.

They didn't argue that maximum security wasn't a high priority for their customers.

They didn't deploy marketing slogans to pretend like they had done the hard engineering work. (cough Knox cough)


Does anyone track the quantity of U.S. tax dollars which go to such firms?


[flagged]


> Oh, you're an antisemite. Sorry, missed that.

What? I'm opposed to using U.S. tax dollars to contravene the security of U.S.-designed, manufactured and used devices and operating systems. I don't care if it's the FBI [1], a Canadian company [2] or the Israelis.

It's shitty that you devolve your rhetoric so quickly. This is the most disturbing exchange I've ever had on this forum.

> If your government needs to hack a phone that belongs to a terrorist to protect innocent US citizens then what's the problem?

Americans are innocent until proven guilty. If our government determines guilt without following due process, they (and those who aid and abet them) may be the ones acting illegally.

[1] https://www.cnet.com/news/fbi-v-apple-we-dont-need-your-ipho...

[2] http://www.cbc.ca/news/technology/blackberry-taps-user-messa...


Does anyone track? I guess as much as anyone tracks any "U.S. tax dollars" going to any other US government stuff one doesn't like or agree with. (In other words, probably not much.)

Cellebrite doesn't "target" the U.S. It happily develops forensic tools to target Chinese, U.S.-ian, heck, even Israeli phones (if there were any to speak of).

Furthermore, Cellebrite don't sell exclusively to the U.S. They will sell to Canada, UK, France, Germany or any legit law enforcement agency that has budget. U.S. law enforcement may refrain from buying Cellebrite wares. They might decide to buy from a competitor, like Swedish firm MSAB. Heck, they may decide it's "unethical" to own such tools.

While it might adversely affect Cellebrite's bottom line, I think it will first and foremost adversely affect U.S. police departments' capabilities.


Personal attacks have no place here. Please do this elsewhere.


PR based self-marketing article is just that. "Be Very Afraid" hyperbole AFAICS.


They [the government] ask people to login to their email accounts and unlock their phones at the border. They really don't even need any technology to steal data. Intimidation works for them already.


Then we just need a phone inside a phone right? Provide them with a fake password that shows no data, has 1 kids game app, and gives you plausible deniability. If coded correctly would be no way to prove if there is or is not a second deeper encrypted device.


Back up your phone. Wipe your phone. Cross the border. Restore your phone.


Or don't take your phone. On the other hand they've asked people to login to their email accounts using laptops they've provided.


Same thing for your laptop. Back everything up to the cloud, then load a clean copy of the OS before crossing the border.


And somehow I can't connect my Android phone to a Mac computer with a USB cable to copy photos out, without it crashing 50% of the time. I must be missing something.


Sounds like a risky business to be in. If Apple decides to change their encryption technology, you could be out of business some time soon after a new release.


You're mistaken; looking at the forensic side of things, burner phones are not your regular iPhone or Android.

E.g. a random article from Best Buy.

http://www.bestbuy.com/site/at-t-gophone-lg-b470-prepaid-cel...


Or you just buy the next 0day from your vendor of choice.


There'll still be plenty of legacy users out there.


I wonder if they can crack devices that haven't been booted. Many of the newer smartphones encrypt data and require a password on boot.


Too bad Google made the boot password the same as the screen unlock password. Since virtually everyone wants to be able to quickly unlock their phone, this makes security a Hobson's choice.


Fingerprint readers seem to solve that problem. Booting the phone requires the secure password, but after that a fingerprint will suffice until the phone is powered off or left locked for 24 hours.


Yeah I can see that being the case for the vast majority of users. Also it's a damned shame that Google enforces a limit of 16 characters for the password.

My own password is a random 16 character string.


Fortunately the community has addressed both these claims, although you need root to set it up (you can remove after).

An app on F-droid known as "Cryptfs Password" can change the encryption password separately from your screen unlock password. It also bypasses the 16 character limit, as the encryption key I used on my last phone was 27 characters. At the end of the day Android encryption runs using dm-crypt, so the same sort of rules apply. The 16 character limit is a UI limitation, and there's no technical reason for it.

* Note: I fully acknowledge that Google needs to do better here, as I would never assume a normal user could root + install Cryptfs password + unroot after, but at least for those of us who can, we can do something in the meantime.


Well otherwise the user will most likely forget the separate boot password as phones typically get rebooted once a month or so.


Forcing boot passwords to be the same as what unlocks the screen guarantees that they're so weak that they might as well not exist. Meanwhile, users who want real security are fucked.

The same kind of boneheaded removal of features in the name of simplicity is behind Android Pay requiring your phone to have a locked screen -- because that supposedly solves the problem that used to exist of users having to enter a PIN twice when they'd unlock the screen and then unlock Android Pay.


I mean, with Trump's administration banning cybersecurity and encryption, this company should go out of business soon, right?


It would be somewhat hard to ban math, right?

Take Trump's mouth blast with a grain of salt, as it's not what he will end up doing once he learns what he is talking about.


Aren't they owned by a Japanese pachinko company?



