
Purveyor

(29,876 posts)
Sat Apr 12, 2014, 06:12 PM

How The NSA Shot Itself In The Foot By Denying Prior Knowledge Of Heartbleed Vulnerability

The National Security Agency has eyes and ears everywhere. At least, so we thought.

In 2011, during a classified but widely-known operation at Fort Meade, MD, government cryptographers and developers downloaded the OpenSSL source code as it does with dozens of other open and available to inspect software available on the Web. The operation's objective was to find weaknesses in the library and exploit those vulnerabilities as part of wider efforts by the intelligence agency to conduct mass-scale surveillance.

After the code was downloaded and compiled, the developers were soon able to pinpoint a programming flaw in the code, which would have allowed the agency to collect usernames and passwords far quicker, more efficiently, and at a lower cost than its bulk data collection programs, notably its fiber cable tapping operation named Upstream.

Executives and senior officials heralded it as one of the biggest vulnerability discoveries in the intelligence agency's recent history. A single programming flaw that it could exploit and use to tap directly into the communications of hundreds of millions of users, and gain system administrative privileges to vacuum up every shred of data it could find. Not just once, but at will, and it was untraceable.

It was the NSA's golden goose.

Except, none of that happened, according to a statement by the U.S.' director of national intelligence, James Clapper, who said on Friday following the Bloomberg report citing two people familiar with the situation. "NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private sector cybersecurity report."

MORE...

http://www.zdnet.com/institutional-failure-led-to-nsa-missing-the-heartbleed-flaw-7000028366/


grasswire

(50,130 posts)
1. the meat of the matter
Sat Apr 12, 2014, 07:52 PM
Clapper has, either intentionally (though more likely inadvertently), revealed the agency's own core internal weaknesses and deficiencies probably more so than any other revelation leaked by whistleblower Edward Snowden, who remains responsible for the biggest global intelligence leak in post-World War II history.

The NSA's job, first and foremost, has been blown up by the Snowden leaks in a more specific and precise way than the agency's simplistic "protect America" rhetoric -- from tapping fiber cables, demanding data from Silicon Valley servers, intercepting wireless transmissions, and exploiting vulnerabilities and flaws in common encryption standards in order to vacuum up all the data things.

Forget what you think about the NSA right now. Speaking in devil's advocate terms, as taxpayers we pay for the NSA to protect the U.S. and its citizens and interests at home and abroad from foreign threats. With an international "mutual assured destruction" policy between our friends, enemies, and frenemies on the world stage, intelligence gathering is just a fact of life. And the NSA is not going anywhere any time soon,

By admitting that the NSA had not exploited the Heartbleed bug, described as "catastrophic" and the "worst vulnerability found" on the Internet since commercial traffic began to flow along its pipes, it shows how fundamentally flawed the agency is.