Anybody who knows stuff care to comment? Even this article says the NSA denies, etc. Is this just more scare-mongering or bits of reality randomly stirred up?
http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html
I doubt you or I will ever really know for sure. It's plausible. It doesn't strike me as being likely, but I'm for damned sure not a security expert. (Any time anyone ever asks me to do anything security related, I run the other way because it is not in my competence, and therefore it is dangerous for me to work on.)
It seems like exploiting it willy-nilly would be illegal, though, and one thing to remember is that all of the programs they've been taking fire for (as far as I know) have been Congressionally authorized.
John Novak: not necessarily authorised where you and I are allowed to know about it, though.
It seems likely to me that the NSA has much better fuzzing suites than the average security researcher, plus hardware to run them on, and as a matter of course runs new versions of security software through things that could potentially detect something like this.
After all, it's just another tool in the toolkit. There's substantial timing evidence that "Apple joined the program" (of indiscriminate data collection) very shortly after that recent goto fail; bug that got all the furore was introduced into the codebase. Whether it was inserted deliberately, or accidentally and found, is up in the air, but my money would be on really good fuzzing techniques and finding stuff that happens to be introduced.
(And after all we weren't allowed to know about those instances of mass surveillance either — or about the orders that made it legal)
There's also the question of the targets of any supposed exploit. It is one thing to exploit the bug against foreign targets and quite another to exploit it against domestic targets.
The NSA still, if they are following the laws, need the equivalent of subpoenas to engage in domestic collections. And while the FISC has a shockingly high ratio of grants vs denials, they still don't have carte blanche to do whatever the hell they want.
Have there been any denials? Not to mention that "well, we're not entirely sure whether it's foreign or domestic, but we think it's mostly foreign, so enh -- and besides, we'll get the warrants when we want to actually access the data, but we'll collect it preemptively" way of doing things.
Also also: As a foreign national, This Is Not Reassuring.
Yes, the denials were strident, categorical, and nearly immediate, for whatever that's worth.
Also, understand that neither the NSA nor Congress cares much about you, in the same way that European intelligence agencies don't care much about me.
Oh, I meant denials as in the FISA court saying no you cannot have that data. Not as in the NSA saying "we would never do that sir, honest!", because that's pretty overused.
I am pretty much as uninteresting to my local intelligence agency as I am to the NSA, I'm pretty sure.
That doesn't really make the squick go away, though.