If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Huffington Post)   About those breathless news reports about the NSA knowing about Heartbleed for two years and taking advantage of it? The NSA says that's not true at all, and if we can't believe the NSA, who can we believe?   (huffingtonpost.com) divider line 68
    More: Followup, NSA, Heartbleed, news, Kim Zetter, private keys, Director of National Intelligence, credit card numbers, SSL  
•       •       •

1903 clicks; posted to Main » on 12 Apr 2014 at 10:44 AM (31 weeks ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



68 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest

First | « | 1 | 2 | » | Last | Show all
 
2014-04-12 12:54:55 PM  
So just wait for the Snowden memo that points it out.
 
2014-04-12 12:59:04 PM  

ReverendJynxed: So just wait for the Snowden memo that points it out.


Heh, I'm sure the Guardian journalist who is slowly leaking Snowden's info is on top of it already.  Would this Sunday's issue maximize the publicity, or should they wait a week?

/hypothetically
 
2014-04-12 01:03:05 PM  

MNguy: They're probably monitoring this thread, RIGHT NOW.


i.imgur.com
 
2014-04-12 01:11:36 PM  

Doktor_Zhivago: My understanding is that it just spits out random memory blocks that may or may not be particularly useful. The NSA was installing back doors into hardware and has the ability to track actual phone calls so I don't see how this is particularly useful to them


RANDOM data? It can return encryption keys, allowing them to decrypt ALL transmissions. It can return last memory, which would include usernames and passwords. once you have that for a persistent storage service then it's all over. But it can also do that for live connections, such as chat sessions.

Again, SSL and TLS1.0- already had a similar vulnerability, but the fact that it's implemented for TLS1.1+ in OpenSSL is troubling. Thankfully, it should only take a few weeks to push a new version. firmware update and done.
 
2014-04-12 01:19:13 PM  

Yankees Team Gynecologist: pdkl95: Well, it's at least 1 in 6 writers. We should add in all the people in jail that were not told the proper source of the "evidence" against them (probably because of parallel construction)

I'm looking for a "body" count so to speak (not literal deaths, but persons hassled/persecuted).  I understand that granting law enforcement this access opens the door to all kinds of abuses, so I'm interested in hearing the actual horror stories.  Note that I'm not saying that I think it's low--I'm interested in whatever the result is, high, low, or anything in between.  I don't see a lot of these specific stories around, but that could just mean they're not easy to document.


That's the thing about these kinds of abuses: the part we (the public) get to see is likely only a tiny part of what goes on, and we often have to dig through layers of indirection to find it.

As for hassled/persecuted, if you haven't yet done so, you should read the link I gave up above by Binney/Drake/etc. Specifically, Thomas Drake's story, which you can also hear him tell in his own words at this talk at 29C3 (I've linked to Drake's talk, but Radack's and Binney's talk in that video are also worth watching).
 
2014-04-12 01:49:04 PM  

uber humper: MNguy: They're probably monitoring this thread, RIGHT NOW.

Paging lasershurt , paging lasershurt please make your presence known

We have a couple residents LH is one can't remember handles of others


Seriously, what even

It's Saturday

Do a thing
 
2014-04-12 01:56:46 PM  

meow said the dog: I am sensing the sarcasm from the submission headline of this but do not think that is the appropriate thing. I do have the trust of the NSA. In fact I will say this to you I believe that the NSA is perhaps the most upstanding of all of the agencies of the government. Oh you will say BUT OM MAGOODNESS THEY ARE DOING THE SPYING. What do you have for hiding from they? What do you do to cause the fear of you from they who are not wishing to cause the fear of you but instead are hoping to reduce the fear of you by preventing the terrorism.

Maybe if you had the appreciation for these individuals and the hardworking you would understand.


clearly the result of a lack of oxygen. you should remove the plastic bag from your head for awhile before attempting to post here.
 
2014-04-12 02:15:18 PM  

some_beer_drinker: meow said the dog: I am sensing the sarcasm from the submission headline of this but do not think that is the appropriate thing. I do have the trust of the NSA. In fact I will say this to you I believe that the NSA is perhaps the most upstanding of all of the agencies of the government. Oh you will say BUT OM MAGOODNESS THEY ARE DOING THE SPYING. What do you have for hiding from they? What do you do to cause the fear of you from they who are not wishing to cause the fear of you but instead are hoping to reduce the fear of you by preventing the terrorism.

Maybe if you had the appreciation for these individuals and the hardworking you would understand.

clearly the result of a lack of oxygen. you should remove the plastic bag from your head for awhile before attempting to post here.


well you're not new here, so have you been away for awhile?  That's a regular meow-mix post
 
2014-04-12 02:24:23 PM  
At this point the NSA's reputation and credibility is so shot that if they want people to believe something, the NSA should assert the opposite. So they should have said, "We exploited the hell out of this bug," and everybody would assume they never did.
 
2014-04-12 04:06:10 PM  

Yankees Team Gynecologist: jshine: It'd seem paranoid ... except for all the well-documented nefarious plots that we've seen already.

Serious question--how many upstanding citizens have been/think they have been/are thought to have been farked by those NSA practices?  For the purposes of this question, do not count read-only use of personal email, Facebook, etc. but otherwise not influencing people's lives as "farked."  Also, I don't really count finding but staying quiet about Heartbleed (even if it allowed ID theft by non-NSA criminals) because it was out in the open for everyone to see; I would however count it if they actively created it, or cases where the NSA used Heartbleed as an avenue to legitimately fark someone.

I think I did hear about at least a few cases where the federal government seems to have silenced or shut down some people and businesses.  I understand that even if it's 1 person, that's 1 too many; and even if it's 0, it's still a serious violation of civil liberties.  So my above question is obviously not the same as asking "Is what the NSA does OK?"

However, I still think it is a valid question for certain practical considerations.  For example, if the number is extremely low, I would rather the NSA were the exploiters of Heartbleed than cybercriminal organizations. Both are bad but only the latter would have practical implications.  Of course it could be both, which is the worst part about the NSA weakening security.


I have no problem with them intercepting it if they could process it real time and identify threats. The problem I have is storing it.
 
2014-04-12 04:47:23 PM  
imageshack.com
 
2014-04-12 05:08:25 PM  
I'm not an expert, but from what  I read, it's NP-hard to actually use this exploit in the real farking world.
 
2014-04-12 05:09:46 PM  

Slappajo: I have no problem with them intercepting it if they could process it real time and identify threats, and have a warrant. The problem I have is storing it.


FTFY
 
2014-04-12 05:39:53 PM  

pdkl95: Slappajo: I have no problem with them intercepting it if they could process it real time and identify threats, and have a warrant. The problem I have is storing it.

FTFY


Honestly, as long as there is not a name attached to to the data, I don't care if they have a warrant or not as long as they can process real time. If something comes up that makes them say "Hey, who the fark is this guy?" the the warrant comes in to monitor the specific person more closely as long as a judge agrees there is enough evidence to do so.
 
2014-04-12 08:56:18 PM  
Folks interested in the NSA should go read The Secret Sentry, excellent book that doesn't pull punches.
 
2014-04-12 09:29:10 PM  
ObamaNSA
 
NFA [TotalFark]
2014-04-13 08:24:06 AM  

unlikely: They're worse than what we thought the KGB were in the 80s.


Wait until the really good stuff is revealed.  Snowden said the best is yet to come.  I bet we're going to find out that the NSA has been spying on American politicians and foreign corporations, then leaking the info to wealthy American business owners.
 
2014-04-13 10:39:47 AM  

NFA: unlikely: They're worse than what we thought the KGB were in the 80s.

Wait until the really good stuff is revealed.  Snowden said the best is yet to come.  I bet we're going to find out that the NSA has been spying on American politicians and foreign corporations, then leaking the info to wealthy American business owners.


How long do they let this go on before they point out that the Jello Shot was invented by one of theirs?
 
Displayed 18 of 68 comments

First | « | 1 | 2 | » | Last | Show all

View Voting Results: Smartest and Funniest


This thread is closed to new comments.

Continue Farking
Submit a Link »






Report