back to article GCHQ opens kimono for infosec world to ogle its vuln disclosure process

On the same day that certain types of British state-backed hacking now need a judge-issued warrant to carry out, GCHQ has lifted the veil and given the infosec world a glimpse inside its vuln-hoarding policies. The spying agency's internal Equities Process is the way by which it decides whether or not to tell tech vendors that …

  1. Anonymous Coward
    Anonymous Coward

    Careful wording there....

    Quote: "....certain types of British state-backed hacking now need a judge-issued warrant to carry out..."

    ...and what about all the "other types of hacking"?

    https://www.theguardian.com/technology/2017/oct/17/uk-spy-agencies-intelligence-mi5-mi6-law-data-sharing-tribunal

    https://www.theguardian.com/uk-news/2018/sep/21/british-spies-hacked-into-belgacom-on-ministers-orders-claims-report

  2. GnuTzu Bronze badge

    Re: Careful wording there....

    Hmm... Let's see. If there is no hope of ever prosecuting a target, then there's no hope of ever bringing a target to court. And, if there's no hope of ever bringing a target to court, then why bother with any manner of court order? I guess that's one reason that warfare and policing aren't conducted the same way.

  3. #define INFINITY -1

    I get the age-old spy vs spy--no stopping that and it means that spy agencies using vulnerabilities is just good foreign-affairs business.

    Holding onto them indefinitely is unmitigated villainy.

  4. Walter Bishop Silver badge
    Big Brother

    Internal equities vulnerability disclosure process

    The spying agency's internal Equities Process is the way by which it decides whether or not to tell tech vendors that its snoopers have discovered a hardware or software vulnerability.”

    What about the vulns introduced by the spooks as part of a security audit, such as use our not-random - pseudorandom number generator.

  5. Anonymous Coward
    Anonymous Coward

    We encourage GCHQ-based readers

    Speaking as an ex-GCHQ insider, I ...

    >BANG!< >CRASH!< >OUCH!<

    Oh, THAT Official Secrets Act.

    I know, I'll post it on Wikileaks...

    ... except that is now flooded with piddle from Julan Assange's incontinent cat. (leaks? GEDDITT??!)

  6. amanfromMars 1 Silver badge

    Swings and Roundabouts for All the Fun of the Fare in Cyber WarWare

    Who's modelled on whom? GCHQ on the Stasi or the Stasi on GCHQ? And that's only mentioning two old-timers in a very crowded busy field.

    Trying nowadays to defend and promote the indefensible and inequitable without catastrophic consequences is not anything that is going to be possible or desirable. Makes you wonder what sort of folk would even imagine it to be acceptable and fit and proper for a better future?

    Criminal terrorists with delusions of grandeur 'r'us ?

  7. Cliff Thorburn

    Re: Swings and Roundabouts for All the Fun of the Fare in Cyber WarWare

    Criminal terrorists with delusions of grandeur 'r'us ?

    Only in this estranged world can you be branded as a criminal terrorist for preventing an act of terrorism amfM, then banished to panopticon punishment with illogical greater game distractions.

  8. amanfromMars 1 Silver badge

    Re: Swings and Roundabouts for All the Fun of the Fare in Cyber WarWare

    Script kiddies at their work ...... https://www.cyberguerrilla.org/blog/operation-integrity-initiative-british-informational-war-against-all/ ...... and just following crazy orders from Crazy Orders/Secret Societies/Spooky Toons:-)

    Words Create, Command and Control and Destroy Worlds for that is how IT works .... although whether for National Security rather than Personal Protection depends on who and what one is and what one does.

    'Twas ever the case, say some. However. when some are many, are there no practical hiding spaces for frauds and fake leaderships in all of those fields which instantly recognise them for what they ..... tall tales with no broad bases in truth?

    What parts of Play Nice/Do No Evil is misunderstood? Or are those options and avenues denied or just not yet made available to that and those into the thrall and the thrill of servering to the psychopath and sociopath within.

  9. Cliff Thorburn

    Re: Swings and Roundabouts for All the Fun of the Fare in Cyber WarWare

    What parts of Play Nice/Do No Evil is misunderstood?

    Kinda makes you wonder who is directing the evil does it not amfM?, all so vocal when it suits, and ever so subdued when it doesn’t.

    This particular never ending story has gone on so long, if a boy riding a dragon flies past the window, it would hardly raise an eyebrow, then again nothing much would anymore ...

  10. amanfromMars 1 Silver badge

    Re: A Diabolical Injustice Worthy of Rectification .... Greater IntelAIgent Games Plays*

    Only in this estranged world can you be branded as a criminal terrorist for preventing an act of terrorism amfM, then banished to panopticon punishment with illogical greater game distractions. .... Cliff Thorburn

    *Augmented Remotely Realised Dream Scapes in Live Operational Virtual Environments Supplying EveryThing

    What would You Love to Provide for Future Realisation with Prime Premium Programming Protocols in AI Beta MetaDataBase Testing. Such Both Assures and Guarantees Future Supply Success to All Registered and Seeking More NEUKlearer Info and HyperRadioProACTive Intel for Deeper Core Systems Pre-Processing ...... Quantum Communications Systems Entanglement.

    Which you might like to consider and realise is for you to simply accept as True and Present Future AIdDriver for Quantum Communications Systems Operations?

    :-) Jump into that Stream Wholeheartedly for a Wonderfully Weird WeekEnder, Cliff Thorburn/El Regers:-)

    And are Quantum Leapers Enabled to Remotely Anonymously Crash Crass Crushing Internets Autonomously ..... or Only in Concert with Experienced Others .... in Beta JOINT* AIdVentures which would Profess to Be Both the Safest and Best Route/Root for MetaDataBase to Take/Make?

    * Joint Operations Internetworking Novel Technologies .... https://forums.theregister.co.uk/forum/1/2013/02/12/open_source_javafx_for_mobile/#c_1728121

    As you may realise and/or imagine, a heck of a lot happens in almost 6 years.

  11. FlamingDeath Bronze badge
    Facepalm

    Wolf!

    I'm not sure if listening to and believing a spokesperson from an organisation that it's sole job is to deceive, is the right thing to do

    But I am sure there is a story about a boy, some sheep, and a wolf which holds several lessons

  12. Pascal Monett Silver badge

    "If they keep discovered vulns to themselves"

    .. they can get hacked, and black hats can get their mitts on juicy zero-days that they can exploit quickly because the spooks will have a devil of a time admitting that they sat on those problems instead of protecting the public - which is their official duty and gives them all their powers.

    One day, I would like a Game-Of-Thrones ruler to turn on them and say "You knew this and kept it to yourself ?" - and then a public beheading.

    As a lesson to the rest of them.

    Never going to happen, because National Security is more important than your security as a member of that Nation.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2018