Comment by phaed
8 years ago
Thousands of years from now, when biological life on this planet is all but extinct and superintelligent AI evolving at incomprehensible rates roam the planet, new pieces of the great PII pollution incident that CloudFlare vomited across the internet are still going to be discovered on a daily basis.
I was expecting this:
Thousands of years from now, when biological life on this planet is all but extinct and superintelligent AI evolving at incomprehensible rates roam the planet, taviso will still be finding 0-days impacting billions of machines on an hourly basis.
Be glad that Google is employing him and not some random intelligence agency.
I have huge respect for taviso and his team. Their track record in security work is so impressive. They are without a doubt extremely capable.
However, I am always wondering: are they really globally unique in their work and skill? So that they are really the ones finding all the security holes before anyone else does because they are just so much better (and/or with better infrastructure) than anyone else? Or is it more likely that on a global scale there are other teams who at least come close regarding skill and resources, but who are employed by actors less willing to share what they found?
I really do hope Tavis is a once-in-a-lifetime genius when it comes to vulnerability research!
One of the big conservatories in the infosec world are people who sell 0-day exploits to "security companies." Some go for tens of thousands of dollars. Ranty Ben talked about how some people live off this type of income when it came up in a panel discussion at Ruxcon 2012.
No, he is definitely not alone. Some of them work for other security companies or for antivirus companies, and some of them are selling the vulnerabilities they found.
What's funny is he kinda just stumbled upon this bug accidentally while making queries.
If I were just casually googling two weeks ago and came across a leaked Cloudflare session in the middle of my search results, I think I would have vomited all over my desk immediately. Dude must have been sweating bullets and trembling as he reached out on Twitter for a contact, not knowing yet how bad this was or for just how long it had been going on.