If researchers in this community are going to sell security vulnerabilities to the government, I think that fact should be well known.
daeken's work on hotel locks got a lot of press, but the fact that he had two years earlier sold that info to a company for "law enforcement purposes" hasn't gotten nearly the press attention it deserves.
Martin Muench and Chaouki Bekrar have openly embraced what they do. As much as I dislike the path they follow, I have to at least respect them for being up front about the business they're in.
If you're going to help governments covertly break into people's homes, computers, and smartphones, you should wear it with pride.
What exactly does this have to do with the matter at hand? What did you choose this particular thread to make a point about Cody? Cody was contributing his insight about vulnerability markets, which is something he knows a little about (unlike most thread participants). You seem to have chosen it to make a political point at his expense. That's not neighborly and it's not germane to the issue at hand.
With your response you make the problem even worse, by pointing out other people who made decisions that you, Chris Soghoian, don't approve of but who you "at least respect".
I also think it's a little laughable to suggest that Cody in any way enabled the USG to break into hotel rooms, as if that was a capability they were just champing at the bit to buy from someone like Cody rather than something they've been able to trivially accomplish for the last 200 years.
I've worked with Cody in the past, consider him a friend (despite his different stance on vulnerability market), and have a problem with comments that chime in on threads for the sole purpose of trying to take him down a peg.
Cody, on his own blog, described the sale of the vulnerability as follows:
In 2010, we (the startup I was running with friends at the time, UPM) decided to license the opening technology to a locksmithing company for law enforcement purposes.
If it is "laughable to suggest that Cody in any way enabled the USG to break into hotel rooms", then why would he describe the sale as "for law enforcement purposes"?
I stand by everything I said in my previous comment while noting that you didn't respond to the main point of that comment or the one that preceded with it.
daeken's work on hotel locks got a lot of press, but the fact that he had two years earlier sold that info to a company for "law enforcement purposes" hasn't gotten nearly the press attention it deserves.
Martin Muench and Chaouki Bekrar have openly embraced what they do. As much as I dislike the path they follow, I have to at least respect them for being up front about the business they're in.
If you're going to help governments covertly break into people's homes, computers, and smartphones, you should wear it with pride.