Infosec’s watchword is “sunlight is the best disinfectant.” If you want to prove that a product is genuinely defective, it’s not enough to make the claim: you have to back it up with demos that anyone else can replicate — otherwise the companies will straight up call you a liar and assure their customers that there’s nothing to worry about.
Yesterday, YouTube froze Kody Kinzie’s long-running Cyber Weapons Lab channel, citing a policy that bans “Instructional hacking and phishing: Showing users how to bypass secure computer systems.” He now has a “strike,” which prevents him from uploading any new videos.
… YouTube banning security disclosures doesn’t make products more secure, nor will it prevent attackers from exploiting defects — but it will mean that users will be the last to know that they’ve been trusting the wrong companies, and that developers will keep on making the same stupid mistakes…forever.
(Via Boing Boing)
Mind-bogglingly short-sighted by YouTube, but not surprising.