[[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

• Previous message (by thread): [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
• Next message (by thread): [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Apr 11, 2014 at 5:56 PM, Matt Palmer <mpalmer at hezmatt.org> wrote:
> You're assuming that the NSA is a single monolithic entity.  IIRC, the
> offense team and the defense team don't really talk much, and they
> *certainly* have very different motivations.  It wouldn't surprise me at all
> if the offense got hold of a juicy bug, and since they're paid to capture
> data, and knowing that they wouldn't get in trouble if the defense lost
> data, their motivations to keep their little bug to themselves are entirely
> understandable.

Hi Matt,

I assume only individual motivations, like CYA. Folks at the bottom
don't make bold decisions. A potentially career-making or
career-ending decision like this would have been kicked up the chain
until it reached someone who could, after consulting several other
folks to cover his own posterior, authorize the risk.

This and the high odds of a leak are how I know the NSA hasn't cracked
the prime factoring problem either. And anyone surprised by Snowden's
revelations either didn't read about or didn't understand Mark Klein's
2006 AT&T documents.

There are things that folks at the NSA could plausibly be doing.
Intentionally sitting on a massive security hole in their own systems
for two years isn't one of them.

Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004

• Previous message (by thread): [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
• Next message (by thread): [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]