
Stupid disclosure policies are coming too

Posted May 2, 2026 13:23 UTC (Sat) by bjackman (subscriber, #109548)
Parent article: Eden: NHS goes to war against open source

This phenomenon dovetails nicely with the sockpuppet.org post from a few weeks ago [0]:

> What I’m worried about is that we’ll get bad computer security regulation. Our industry has agreed for decades about the ethics of vulnerability research. Specifically: that it’s computer science. Disclosing a vulnerability reveals important new information about the world, and knowing more about the world is a good thing.
>
> Security researchers are kidding themselves if they assume policymakers see it the same way.

I fear we are in for a few years of highly impactful, completely idiotic policy decisions from powerful morons who are too pigheaded to consult with security experts.

[0] https://sockpuppet.org/blog/2026/03/30/vulnerability-rese...


to post comments

Stupid disclosure policies are coming too

Posted May 3, 2026 13:25 UTC (Sun) by ballombe (subscriber, #9523) [Link] (3 responses)

They might have consulted military security experts. This is a typical reaction.

Stupid disclosure policies are coming too

Posted May 5, 2026 10:06 UTC (Tue) by tao (subscriber, #17563) [Link]

A much more likely scenario is that they've listened to lobbyists from proprietary software companies.

Stupid disclosure policies are coming too

Posted May 7, 2026 1:41 UTC (Thu) by davecb (subscriber, #1574) [Link] (1 response)

> They might have consulted military security experts. This is a typical reaction.

The military isn't that stupid. They (we) balance needs. For example, "Flash" messages, indicating you had encountered the enemy, were immediately sent, unencrypted. The enemy, you understand, knew you were there from all the bullets whizzing by.

Other messages, where security was more important than immediacy, were encrypted.
Modern radios have fairly good real-time scrambling/frequency-hopping via the SAVILLE algorithm, so you get immediacy as well as some security.

I'll bet a whole nickel they've been talking to proprietary-security vendors.

Stupid disclosure policies are coming too

Posted May 15, 2026 5:28 UTC (Fri) by cypherpunks2 (guest, #152408) [Link]

> Modern radios have fairly good real-time scrambling/frequency-hopping via the SAVILLE algorithm, so you get immediacy as well as some security.

Emphasis on "some". SAVILLE being used today is a perfect example of how backwards the military is and how poor their security culture is. It's a cipher from the 60s when cryptography was in its absolute infancy, and I can almost guarantee that it's quite trivially breakable. To put it into perspective, it was designed before linear OR differential cryptanalysis were discovered. I'd feel safer even using something as broken as RC4 than SAVILLE.

BATON is surely a lot better. I doubt it can be broken in real time, but it's unlikely to be better than AES.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.