WikiLeaks has attracted plenty of haters over its controversial disclosures. But the site may be in a unique position to help tech vendors better secure their products.<\/p>\n
![](\"http:\/\/zapt1.staticworld.net\/images\/article\/2017\/03\/cia-100712378-large.3x2.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Michael Kan| Date: Thu, 09 Mar 2017 03:57:00 -0800<\/strong><\/p>\n WikiLeaks has attracted plenty of haters over its controversial disclosures. But the site may be in a unique position to help tech vendors better secure their products. <\/p>\n That\u2019s because WikiLeaks has published<\/a> secret hacking tools allegedly taken from the CIA, which appear to target smartphones, smart TVs and PCs. <\/p>\n Companies including Apple and Cisco have been looking through the stolen documents to address any vulnerabilities the CIA may have exploited.\u00a0However, WikiLeaks might be able to speed up and expand the whole process. <\/p>\n So far, the site hasn\u2019t released the source code to any of the hacking tools. But on Wednesday, WikiLeaks raised the prospect that it might share the sensitive information with tech vendors as a way to quickly patch the vulnerabilities. <\/p>\n \u201cTech companies are saying they need more details of CIA attack techniques to fix them faster. Should WikiLeaks work directly with them?\u201d the site tweeted<\/a> out in a poll. <\/p>\n The day before, WikiLeaks said it was holding back from publicly sharing the source code until a consensus emerges over how the hacking tools should be \u201canalyzed, disarmed and published.\u201d <\/p>\n The site wants to prevent CIA-made \u201ccyberweapons\u201d from proliferating, so working with tech vendors could be a way for WikiLeaks to essentially defuse them. \u00a0 <\/p>\n It\u2019s also an offer that tech vendors probably can\u2019t ignore. <\/p>\n \u201cThey might have to absolutely work with WikiLeaks,\u201d said Jason Healey, a researcher at Columbia University who studies U.S. policy on vulnerability disclosure. <\/p>\n \u201cHow do you tell a shareholder or a user that there\u2019s information on a hole out there, but you didn\u2019t bother to speak with WikiLeaks about it?\u201d he said. <\/p>\n The other danger is that malicious parties might know about the secret CIA hacking tools too. <\/p>\n WikiLeaks hasn\u2019t identified the source behind the stolen documents. But it\u2019s mentioned that former U.S. government hackers and contractors were circulating the confidential data, and that someone among them supplied a copied portion to WikiLeaks. <\/p>\n However, Healey pointed to WikiLeak\u2019s suspected ties<\/a> to Russian cyberspies as a major area of concern. <\/p>\n Assuming the stolen CIA hacking tools are real, Healey suggests that the U.S. government intervene and help vendors patch the vulnerabilities involved in this particular leak. <\/p>\n \u201cDon\u2019t let [the tech vendors] go to WikiLeaks for the information,\u201d he said. \u201cLet them hear it from the U.S. and not maybe from the Russians.\u201d <\/p>\n Other security experts said that while it’s possible WikiLeaks could be holding on to other secret hacking tools, the document dumps so far haven’t shown anything alarming. <\/p>\n Will Strafach, CEO of Sudo Security Group, said that WikiLeaks has been exaggerating the capabilities of the leaked CIA hacking tools. <\/p>\n For instance, the CIA-developed iOS exploits in the documents show that the hacking tools appear to be largely out-of-date and no longer work on iOS 10 or higher, he said. <\/p>\n \u201cThe products are already patched,\u201d he said. \u201c[WikiLeaks is] definitely trying to mislead people here.\u201d <\/p>\n On Wednesday, Google also said it reviewed the stolen documents and is confident that its Android OS can \u201calready shield users from many of these alleged vulnerabilities.\u201d <\/p>\n However, tech vendors didn\u2019t immediately comment on whether they are reaching out to WikiLeaks. <\/p>\n The controversial disclosures apparently won\u2019t win the site any fans from the CIA. <\/p>\n \u201cSuch disclosures not only jeopardize U.S. personnel and operations, but also equip our adversaries with tools and information to do us harm,\u201d the agency said in a statement. <\/p>\n http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" Credit to Author: Michael Kan| Date: Thu, 09 Mar 2017 03:57:00 -0800<\/strong><\/p>\n WikiLeaks has attracted plenty of haters over its controversial disclosures. But the site may be in a unique position to help tech vendors better secure their products.<\/p>\n<\/p>\n