I don’t have enough time today to dig into it thoroughly, but I’m not surprised to see that they too are cozy with VUPEN. Can’t wait to finish downloading the leak and start pouring through it myself.
Of course, when you develop and deploy malware behind the corporate veil, it’s OK. The state won’t hunt you down and arrest you. Rather, they’ll beat a path to your doorstep with checkbooks in hand. However… if you decide to merely disclose such vulnerabilities as an individual acting in conscience –much less develop and disclose them yourself to one-up the IC– then there’s always the latent risk that you’ll be met with criminal charges and indefinite detention without bail (or at least a flurry of lawyer nastygrams).
edit: And the leaker first leaked it on the Anarchism subreddit:
I’m liking this fella more and more :D
I’ve taken an initial look at one of the attack vectors (the malicious FF plugin/extension):