{"id":186187,"date":"2014-04-11T20:57:00","date_gmt":"2014-04-12T01:57:00","guid":{"rendered":"https:\/\/www.panix.com\/~msaroff\/40years\/2014\/04\/11\/why-the-nsa-cannot-be-trusted-with-our-cybersecurity\/"},"modified":"2014-04-11T20:57:00","modified_gmt":"2014-04-12T01:57:00","slug":"why-the-nsa-cannot-be-trusted-with-our-cybersecurity","status":"publish","type":"post","link":"https:\/\/www.panix.com\/~msaroff\/40years\/2014\/04\/11\/why-the-nsa-cannot-be-trusted-with-our-cybersecurity\/","title":{"rendered":"Why the NSA Cannot be Trusted with Our Cybersecurity"},"content":{"rendered":"<div style=\"border: 1px solid black; float: right; margin: 0px 10px; padding: 5px; text-align: center; width: 400px;\"><a href=\"http:\/\/i.imgur.com\/lrWQQmH.png\"><img decoding=\"async\" border=\"0\" bordercolor=\"white\" src=\"http:\/\/i.imgur.com\/lrWQQmH.png\" width=\"390\" \/><\/a><br \/><i>XKCD <a href=\"http:\/\/xkcd.com\/1354\/\">Explains the Exploit<\/a><\/i><\/div>\n<p>Many of you may have heard of the <a href=\"http:\/\/bits.blogs.nytimes.com\/2014\/04\/08\/flaw-found-in-key-method-for-protecting-data-on-the-internet\/\">&#8220;Heartbleed&#8221; bug<\/a>, which may allow people to access passwords of users and the crypto keys for websites using the most popular SSL program, OpenSSL.<\/p>\n<p>It now appears that <a href=\"http:\/\/www.bloomberg.com\/news\/2014-04-11\/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html\">the NSA knew about Heartbleed for 2 years, and kept it a secret so that they could use the exploit<\/a>:<\/p>\n<blockquote><p><span style=\"color: blue;\">The U.S. 
National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.<\/span><br \/><span style=\"color: blue;\"><br \/><\/span> <span style=\"color: blue;\">The agency\u2019s reported decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government\u2019s top computer experts. The NSA, after declining to comment on the report, subsequently denied that it was aware of Heartbleed until the vulnerability was made public by a private security report earlier this month.<\/span><br \/><span style=\"color: blue;\"><br \/><\/span> <span style=\"color: blue;\">\u201cReports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before 2014 are wrong,\u201d according to an e-mailed statement from the Office of the Director of National Intelligence. <\/span><br \/><span style=\"color: blue;\"><br \/><\/span> <span style=\"color: blue;\">Heartbleed appears to be one of the biggest flaws in the Internet\u2019s history, affecting the basic security of as many as two-thirds of the world\u2019s websites. Its discovery and the creation of a fix by researchers five days ago prompted consumers to change their passwords, the Canadian government to suspend electronic tax filing and computer companies including Cisco Systems Inc. to Juniper Networks Inc. to provide patches for their systems.<\/span><br \/><span style=\"color: blue;\"><br \/><\/span> <span style=\"color: blue;\">Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost. 
Millions of ordinary users were left vulnerable to attack from other nations\u2019 intelligence arms and criminal hackers. <\/span><\/p><\/blockquote>\n<p>This bug is, to Bowdlerize Joe Biden, &#8220;A big f%$#ing deal.&#8221;<\/p>\n<p>It basically completely breaks internet security, and the NSA sat on it, because they wanted to use the exploit.<\/p>\n<p>The idea that anyone would allow the NSA in on <b>any<\/b> discussion of computer security is truly troubling.&nbsp; It is like allowing a young Willie Sutton to consult on bank security.<sup>*<\/sup><\/p>\n<p><sup>*<\/sup> <span style=\"font-size: xx-small;\">Later in life, after he got out of prison, Willie Sutton <b><span style=\"font-variant: small-caps;\">did<\/span><\/b> actually consult on bank security.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>XKCD Explains the Exploit Many of you may have heard of the &#8220;Heartbleed&#8221; bug, which may allow people to access passwords of users and the crypto keys for websites using the most popular SSL program, OpenSSL. 
It now appears that the NSA knew about Heartbleed for 2 years, and kept it a secret so that &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[970,1062,997,1061,1025],"tags":[],"class_list":["post-186187","post","type-post","status-publish","format-standard","hentry","category-corruption","category-espionage","category-internet","category-security","category-technology"],"_links":{"self":[{"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/posts\/186187"}],"collection":[{"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/comments?post=186187"}],"version-history":[{"count":0,"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/posts\/186187\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/media?parent=186187"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/categories?post=186187"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/tags?post=186187"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}