[[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
Rich Kulawiec
rsk at gsp.org
Fri Apr 11 20:48:02 UTC 2014
On Fri, Apr 11, 2014 at 04:03:36PM -0400, William Herrin wrote:
> If you told me they used it against the targets of the day while
> putting out the word to patch I could buy it, but intentionally
> leaving a certain bodily extension hanging in the breeze in the hopes
> of gaining more valuable data than they lose would have been an
> unusually gutsy move.
"unusually gutsy" compared to what, EXACTLY?
Sources: NSA sucks in data from 50 companies
http://theweek.com/article/index/245311/sources-nsa-sucks-in-data-from-50-companies
Report: NSA Circumvented Encryption
http://www.bankinfosecurity.com/report-nsa-circumvented-encryption-a-6045
[ That one is interesting, by the way. It's from September 6, 2013, and
quotes reporting by the New York Times and Pro Publica the previous day.
Here's an excerpt:
Bruce Schneier, a widely followed cryptography expert,
author and blogger, characterizes the revelation as
explosive. "Basically, the NSA is able to decrypt most of
the Internet," he writes in his blog. "They're doing it
primarily by cheating, not by mathematics. ... Remember
this: The math is good, but math has no agency. Code
has agency, and the code has been subverted."
According to the news report, some of NSA's most
exhaustive efforts have concentrated on encryption widely
used in the United States, including Secure Sockets
Layer, virtual private networks and the protection used
on fourth generation smart phones.
Interesting that it mentions SSL, isn't it? ]
NSA's pipe dream: Weakening crypto will only help the "good guys"
http://arstechnica.com/security/2013/09/nsas-pipe-dream-weakening-crypto-will-only-help-the-good-guys/
Exclusive: NSA infiltrated RSA security more deeply than thought
http://www.reuters.com/article/2014/03/31/us-usa-security-nsa-rsa-idUSBREA2U0TY20140331?feedType=RSS&feedName=topNews&utm_source=dlvr.it&utm_medium=twitter&dlvrit=992637
NSA Aiming To Infect "Millions" Of Computers Worldwide With Its Malware; Targets Telco/ISP Systems Administrators
http://www.techdirt.com/articles/20140312/07334826545/nsa-aiming-to-infect-millions-computers-worldwide-with-its-malware-targets-telcoisp-systems-administrators.shtml
NSA hacker in residence dishes on how to "hunt" system admins
http://arstechnica.com/security/2014/03/nsa-hacker-in-residence-dishes-on-how-to-hunt-system-admins/
Let me note in passing that the NSA is not the only intelligence agency
on this planet that has demonstrated both willingness and ability to
create and/or exploit large scale security breaches in order to acquire
information. Surely nobody thinks that folks in Moscow and London and
Berlin and Bejing were just sitting on their hands.
---rsk
More information about the NANOG
mailing list