
(LA Times)   Did the NSA put the worm in your Apple?   (latimes.com)
    More: Followup, NSA, Gotofail, osx, Daring Fireball, John Gruber, worms, security bug, bugs

2784 clicks; posted to Geek » on 24 Feb 2014 at 8:03 AM (21 weeks ago)



Voting Results (Smartest)

2014-02-24 10:44:10 AM
2 votes:
Security at the desktop is really nothing more than a security blanket. Once the packets leave your machine and are in the wild, you might as well be inviting the NSA over for a cup of coffee while they watch you type.

For all the encryption that we have going on you can bet that they have ways around it. If they don't have a master key to something, rest assured that billions are being spent creating those master keys.

Seven proxies aren't even enough these days.

2014-02-24 09:54:05 AM
2 votes:

iremo: nulluspixiusdemonica: ....er...No. Because even the NSA has standards. This is copy-pasta junk courtesy of closed source development...

The "open source will be much more secure because issues will be spotted faster" idea sounds like it makes a lot of sense in theory, whereas in practice there was a gaping flaw in Debian's SSL because somebody left something commented out in the random number generation and nobody noticed. . .  for two years.


When everyone assumes someone else is looking for mistakes, no one is looking for mistakes.
2014-02-24 08:24:57 AM
2 votes:

nulluspixiusdemonica: ....er...No. Because even the NSA has standards.


No they don't.  Any and everything they can possibly monitor and/or penetrate, they will.

Why?  Because if it's known that X can't be penetrated by the NSA, the "bad guys" will use X.  And I put "bad guys" in quotes because not all the people the NSA monitors are actual, you know, bad guys.
2014-02-24 12:46:15 PM
1 votes:

nulluspixiusdemonica: ....er...No. Because even the NSA has standards. This is copy-pasta junk courtesy of closed source development...


This is sounding more and more like some test code that was inserted to make a testbed easier to run.  Don't want to get real certs installed on all the test servers, so I'll just add this "stop warning me" line of code to the build.  Oops - forgot to pull that thing out because there wasn't a sev. 1 bug listed against that code build to make sure it was pulled out...  And we ship it.

Had something very similar to this happen to me on some production code that was pushed.  Worked great in the test bed - blew up in production instantly.  Bug was traced back to a tester "adding" something to get their test cases to pass...  That was an uncomfortable week for the source code control team.
2014-02-24 11:20:20 AM
1 votes:

nulluspixiusdemonica: dittybopper:  No they don't.  Any and everything they can possibly monitor and/or penetrate, they will.

I was, of course, referring to the actual code.....
http://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-23.html


This is why you always always always use { } for control statements. There are no exceptions. None. You did not just think of one.
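An added example, not part of the thread and not Apple's code: a constructed C sketch of a duplicated `goto fail;` line of the kind the comments discuss, in an unbraced check chain next to the braced style the comment above argues for. The function names (`hash_update`, `check_signature`, `verify_unbraced`, `verify_braced`) are hypothetical stand-ins.

```c
#include <stdio.h>

/* Constructed stand-ins for handshake checks; each returns 0 on success. */
static int hash_update(void)           { return 0; }
static int check_signature(int sig_ok) { return sig_ok ? 0 : -1; }

/* Unbraced style with one duplicated line. */
static int verify_unbraced(int sig_ok)
{
    int err;

    if ((err = hash_update()) != 0)
        goto fail;
        goto fail;   /* duplicate: not governed by the if, always taken */
    if ((err = check_signature(sig_ok)) != 0)   /* never reached */
        goto fail;

fail:
    return err;      /* still 0 from hash_update(): reports success */
}

/* The same duplicate inside braces stays under the if. */
static int verify_braced(int sig_ok)
{
    int err;

    if ((err = hash_update()) != 0) {
        goto fail;
        goto fail;   /* duplicate is dead code here, harmless */
    }
    if ((err = check_signature(sig_ok)) != 0) {
        goto fail;
    }

fail:
    return err;
}

int main(void)
{
    printf("bad signature, unbraced: %d\n", verify_unbraced(0));
    printf("bad signature, braced:   %d\n", verify_braced(0));
    printf("good signature, braced:  %d\n", verify_braced(1));
    return 0;
}
```

Independent of brace style, `-Wmisleading-indentation` (GCC 6 and later, part of `-Wall`) and Clang's `-Wunreachable-code` both flag the unbraced version at build time.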
2014-02-24 11:02:41 AM
1 votes:

aspAddict: Security at the desktop is really nothing more than a security blanket. Once the packets leave your machine and are in the wild, you might as well be inviting the NSA over for a cup of coffee while they watch you type.

For all the encryption that we have going on you can bet that they have ways around it. If they don't have a master key to something, rest assured that billions are being spent creating those master keys.

Seven proxies aren't even enough these days.



No computerized device is completely secure.  Even if you have the absolute best encryption possible, if you've got unencrypted data on the device, and it's connected to the outside World, then the NSA/GCHQ/BND/Etc. doesn't have to break the encryption, they can merely side-step it.
2014-02-24 09:01:43 AM
1 votes:
Looked like a bad merge caused by source control software rather than a cut & paste bug. But whatever.
2014-02-24 08:56:34 AM
1 votes:

nulluspixiusdemonica: ....er...No. Because even the NSA has standards. This is copy-pasta junk courtesy of closed source development...


The "open source will be much more secure because issues will be spotted faster" idea sounds like it makes a lot of sense in theory, whereas in practice there was a gaping flaw in Debian's SSL because somebody left something commented out in the random number generation and nobody noticed. . .  for two years.
ZAZ [TotalFark]
2014-02-24 08:38:06 AM
1 votes:
I would have spotted that in a code review. With good source control practices NSA should not have been able to pay off enough people to get it through a serious change control process.

On the other hand, it's easy to imagine a duplicated line coming from an automated merge not subject to code review.  You may only have to pay off one person in that scenario, or it could just happen.
2014-02-24 08:27:33 AM
1 votes:
The Apple Insider blog insisted in a lengthy post that the focus on Apple's security problem this weekend was part of a broader conspiracy between the media and Samsung.

Oh god. Suck my farts.
 
Displayed 10 of 10 comments



This thread is closed to new comments.
