|
|
|
|
|
|
by irundebian
229 days ago
|
|
|
No, he didn't. Learn to discuss properly. OP stated that any government could get RCE for any OS. And that is highly unlikely, since budget above market rates does not imply that you can easily get RCEs. The market rates are high because there is scarcity of such vulnerabilites. Governments using COTS operating systems does not imply that these systems are unackable. If the statement of OP would be true, we would just see constant exploitation of RCE zero days, or at the least the impact of that. But that is not the case. |
|
|
It is frankly baffling that I even need to argue that COTS operating systems are easily hacked by governments and commercial hackers. It literally happens every day and not a single one of those companies or organizations even attempts to claim that they can protect against such threats. Government actors are literally what these companies peddling substandard security use to argue "nothing we could do". It has been literal decades of people trying to make systems secure against government actors and failing time and time again with no evidence of success.
I mean, seriously, go to Defcon and say that nobody there with a team of 5 people with 3 years (~10 M$, a single tank) could breach your commercially useful and functional Linux or Windows deployment and you are putting up a 10 M$ bounty to prove it. I guarantee they will laugh at you and then you will get your shit kicked in.
[1] https://en.wikipedia.org/wiki/Salt_Typhoon