Report: NSA Knew of, And Exploited, Heartbleed Bug for Two Years
- Thread starter BlameTheWizards
- Start date
I am honestly not sure what to believe about this, on one hand its the NSA, I don't doubt that if they knew about the issue they would exploit it, on the other hand its the NSA, even if they had no idea about the issue they would be blamed for it and/or accused of exploiting it at this point.
This. Besides, "two sources" is pretty damn convenient. I think that claiming the NSA knew about the glitch so far in advance of everyone else is being waaaaaaaay too charitable.Felix the Human said:
How can they... uh... what? Allow glitchy software to exist? Allow their intelligence agency to gather intelligence?NuclearKangaroo said:
What on Earth do you propose that they do?
Actually, it's not their job to find and fix glitches in security protocol. That's the DEV'S job.Riverwolf said:
Also, the article states in its opening paragraph that they've known about the glitch for two years, which is a whole different kettle of fish (and I also doubt it, but whatever).
So not only did you completely get their job description wrong, but you attacked them for the wrong thing.
...please be more careful about saying "do try to keep up".
stop compromising the security and privacy of the citizens of united states and the world maybe?lacktheknack said:
You're asking that Americans stop compromising their... own... security and privacy?NuclearKangaroo said:
Uh... you realize the only way they can do that is to exit the internet, right? Your privacy is compromised the instant your data his the first router if anyone is reading.
Unless you're saying that the NSA should be doing that, but then I question why you brought "Americans" into this in the first place.
Thanks for the fix, man.Neronium said:Fixed the link for you. The current set up in your post has it so that it goes to a 404 page on the Escapist.Storm Dragon said:
OT: Man...this just gets funnier and funnier. Honestly at this point if there is a more dangerous threat to the US, it's the NSA seeing as all the news that comes to light about them doesn't paint a pretty picture at all for them. All I know is that every conspiracy person who hears news about this has more self justification and gets more of the ability to gloat about being right.
boy do i really need to spell it out?lacktheknack said:
why do the american PEOPLE, the CITIZENS, allow the NSA, to invade their privacy without consent, and abuse system bugs to gain information, again, without consent, compromising the security of the data of these people, as well as their privacy, like i said
and since USA isnt the only country that uses the internet and most internet traffic goes through USA, NSA activities also compromise the security and privacy of the people around the world
Yes, please spell out what you want them to do. Everyone knows the problem, no one has a solution.NuclearKangaroo said:
Shoot the NSA wholesale?
Except the 'S' in "NSA" is supposed to stand for Security. In this case, for every piece of questionable content they could monitor by exploiting the bug, there could be a few hundred more pieces of private information going out.LunaticPanda said:
This doesn't seem so much like "gathering intelligence" as much as rummaging through people's drawers (figuratively speaking, of course) and leaving the back door wide open when they leave. They might match a few fingerprints on the silverware, but any thief with two working eyes can walk in and swipe the credit cards(less figuratively speaking).
i dont know dudelacktheknack said:
my country is protesting because this wacko wants to turn my beautiful country into cuba 2.0 and destroy the democracy so many people died to obtain
maybe you could protest to preserve the right for privacy you, you parents and your grandparents have enjoyed so far, believe me, its not worth it to wait until the very last moment when your enemy is at its strongest
Boy, does this really need to be spelled out? [i/]Because we don't know what they are doing.[/i] That's the whole bloody point of spies - to gather intelligence without the other side knowing. What do you propose we do? Have the NSA regularly release a document of all their findings? That would undermine the (slimy) organization's entire purpose. I guess we could protest, that worked soooo well after the Snowden deal. Oh, wait, no it didn't; another bs PR job was created and the NSA was smacked on the wrists. Maybe it's just my cynicism boiling over, but with both parties being effectively the same and assuredly almost completely corrupt, there is little the American people can do except wait until the government pushes too far and we can rebel, overthrow, and rebuild it (as is our right by the Constitution).NuclearKangaroo said:
As for the whole consent thing, that's... stupid. "Hello, NSA? could you please not look up anything that has to do with me? Thanks." "Hmmm, I wonder what he's trying to hide..."
Beyond that, the NSA is an American government department; in other words, why should they care about compromising the rest of the world? That'd make their job easier, in fact.
And finally, only 2 anonymous sources are saying this. We have [i/]no idea[/i] if they were exploiting this for 2 years. I don't mean for all this to sound mean or to defend the NSA (I despise them), but examine the evidence before jumping to conclusions please.
I had typed out a long rebuttal explaining that I HAD kept up... but then I went back to double-check exactly what Heartbleed IS: not an extremely sneaky virus some black-hat coded(which I had just assumed, not being aware of it 'till earlier today... not sure how that happened), but a bug in an open-source program. Obviously if the NSA weren't aware of it in that case, then it's not as much on their shoulders as I had implied (who seriously has the manpower to carefully examine every single line of every single open-source program out there that might have to do with security?)lacktheknack said:
Sometimes the fire can take control and cloud reason.
Therefore, I shall indeed try to be more careful about keeping up myself. Thanks for calling me out on that. (Call me out on any misjudgments on this post, too; I want to improve.)
HOWEVER, considering everything that's been happening with the NSA et al, I'm pretty much leaning towards guilty on knowing about it for two years and exploiting it. Even if they aren't guilty on this particular one (which is certainly possible given the unknown nature of the sources, the only thing keeping me "leaning" rather than "committed"), the fact that they've been illegally spying on citizens of the world doesn't exactly help their case. If they are guilty, then they did indeed leave us vulnerable to potential cyberterrorism.
So, the NSA kind of committed treason here. It's their job to guard the US citizens against potential foreign attacks and tell the citizens if something like this happens. And since 2/3 of websites are affected, all of your data could have been taken by foreign intelligence agencies. And what did the NSA do about it? Nothing good. They abused the vulnerability to spy on the US citizens instead of telling people about it. That's treason 101.
So for those of you who still think that Edward Snowden is the traitor, think of it this way. Who told you that you're being spied on by your government and who was keeping valuable information about very dangerous vulnerabilities so they could spy on you? Who broke the 4th Amendment to do what they did? It doesn't get much clearer who the bad guys are in this story. Goddamn, the US is more and more fascist by the day.
So for those of you who still think that Edward Snowden is the traitor, think of it this way. Who told you that you're being spied on by your government and who was keeping valuable information about very dangerous vulnerabilities so they could spy on you? Who broke the 4th Amendment to do what they did? It doesn't get much clearer who the bad guys are in this story. Goddamn, the US is more and more fascist by the day.
So say many countries, private industries and people who were affected by this got together... could they not now launch proceedings against the USA for damages?
Because if so... I totally need too call my lawyer on a... er... unrelated... yeah, unrelated matter.
As for a solution: There is always the British solution: Ineffectively restructure everything which as a result hamstrings for the agency for over a decade while it plays administrative catch up and more and more information slips through it's fingers like grains of sand. Not only permanently damaging the organisations reputation so it's easy to sell off to private investors at a massively undervalued rate, but also ends up lining the pockets of the same politicians social circle that initiated the restructuring.
Then you get to keep the NSA, re-branded as something like the 'NatSec the Safety Agency', but it'll be under so much red tape for so many years there is nothing it can do effectively.
Because if so... I totally need too call my lawyer on a... er... unrelated... yeah, unrelated matter.
As for a solution: There is always the British solution: Ineffectively restructure everything which as a result hamstrings for the agency for over a decade while it plays administrative catch up and more and more information slips through it's fingers like grains of sand. Not only permanently damaging the organisations reputation so it's easy to sell off to private investors at a massively undervalued rate, but also ends up lining the pockets of the same politicians social circle that initiated the restructuring.
Then you get to keep the NSA, re-branded as something like the 'NatSec the Safety Agency', but it'll be under so much red tape for so many years there is nothing it can do effectively.