[[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

• Previous message (by thread): [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
• Next message (by thread): [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Apr 11, 2014 at 04:03:36PM -0400, William Herrin wrote:
> If you told me they used it against the targets of the day while
> putting out the word to patch I could buy it, but intentionally
> leaving a certain bodily extension hanging in the breeze in the hopes
> of gaining more valuable data than they lose would have been an
> unusually gutsy move.

"unusually gutsy" compared to what, EXACTLY?

	Sources: NSA sucks in data from 50 companies
	http://theweek.com/article/index/245311/sources-nsa-sucks-in-data-from-50-companies

	Report: NSA Circumvented Encryption
	http://www.bankinfosecurity.com/report-nsa-circumvented-encryption-a-6045

	[ That one is interesting, by the way.  It's from September 6, 2013, and
	quotes reporting by the New York Times and Pro Publica the previous day.
	Here's an excerpt:

		Bruce Schneier, a widely followed cryptography expert,
		author and blogger, characterizes the revelation as
		explosive. "Basically, the NSA is able to decrypt most of
		the Internet," he writes in his blog. "They're doing it
		primarily by cheating, not by mathematics. ... Remember
		this: The math is good, but math has no agency. Code
		has agency, and the code has been subverted."

		According to the news report, some of NSA's most
		exhaustive efforts have concentrated on encryption widely
		used in the United States, including Secure Sockets
		Layer, virtual private networks and the protection used
		on fourth generation smart phones.

	Interesting that it mentions SSL, isn't it? ]

	NSA's pipe dream: Weakening crypto will only help the "good guys"
	http://arstechnica.com/security/2013/09/nsas-pipe-dream-weakening-crypto-will-only-help-the-good-guys/

	Exclusive: NSA infiltrated RSA security more deeply than thought
	http://www.reuters.com/article/2014/03/31/us-usa-security-nsa-rsa-idUSBREA2U0TY20140331?feedType=RSS&feedName=topNews&utm_source=dlvr.it&utm_medium=twitter&dlvrit=992637

	NSA Aiming To Infect "Millions" Of Computers Worldwide With Its Malware; Targets Telco/ISP Systems Administrators
	http://www.techdirt.com/articles/20140312/07334826545/nsa-aiming-to-infect-millions-computers-worldwide-with-its-malware-targets-telcoisp-systems-administrators.shtml

	NSA hacker in residence dishes on how to "hunt" system admins
	http://arstechnica.com/security/2014/03/nsa-hacker-in-residence-dishes-on-how-to-hunt-system-admins/

Let me note in passing that the NSA is not the only intelligence agency
on this planet that has demonstrated both willingness and ability to
create and/or exploit large scale security breaches in order to acquire
information.  Surely nobody thinks that folks in Moscow and London and
Berlin and Bejing were just sitting on their hands.

---rsk

• Previous message (by thread): [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
• Next message (by thread): [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]