NSA Said to Have Used Heartbleed Bug, Exposing Consumers

Wilikon

legendary

Activity: 1176

Merit: 1001

minds.com/Wilikon

Quote from: murraypaul on April 12, 2014, 05:23:17 AM

Quote from: cooldgamer on April 11, 2014, 06:13:54 PM

Quote from: murraypaul on April 11, 2014, 04:56:12 PM

Quote from: Equate on April 11, 2014, 04:37:46 PM

No wonder many critical bugs are still unpatched and being exploited in the wild.

How does that make sense?
The NSA discovering a bug but not publicising it leaves the world no different to if the NSA had never found it, or if there had been no NSA.

The NSA knew about this 2 years ago... the bug popped up 2 years ago... I don't think it takes a tin foil hat to put them together here

That the NSA is much better at finding software vulnerabilities than the open source community?

Plus: You don't know that the NSA knew about it two years ago. You know that a reporter says that two unnamed sources say that the NSA knew about it about two years ago.

http://www.nytimes.com/2014/04/13/us/politics/obama-lets-nsa-exploit-some-internet-flaws-officials-say.html

---------------------------------------------------------------------------------------------------------
Obama is such a great dude.

Wilikon

legendary

Activity: 1176

Merit: 1001

minds.com/Wilikon

Quote from: TheIrishman on April 12, 2014, 05:21:46 PM

The NSA's Heartbleed problem is the problem with the NSA

http://www.theguardian.com/commentisfree/2014/apr/12/the-nsas-heartbleed-problem-is-the-problem-with-the-nsa

<< What the agency's denial isn't telling you: it didn't even need know about the bug to vacuum your privacy and store it indefinitely. >>

Hey! I should write for the Guardian if my English wasn't atrocious. That was the point I was making in post #8

TheIrishman

legendary

Activity: 1049

Merit: 1006

The NSA's Heartbleed problem is the problem with the NSA

http://www.theguardian.com/commentisfree/2014/apr/12/the-nsas-heartbleed-problem-is-the-problem-with-the-nsa

<< What the agency's denial isn't telling you: it didn't even need know about the bug to vacuum your privacy and store it indefinitely. >>

Wilikon

legendary

Activity: 1176

Merit: 1001

minds.com/Wilikon

Quote from: murraypaul on April 12, 2014, 05:23:17 AM

Quote from: cooldgamer on April 11, 2014, 06:13:54 PM

Quote from: murraypaul on April 11, 2014, 04:56:12 PM

Quote from: Equate on April 11, 2014, 04:37:46 PM

No wonder many critical bugs are still unpatched and being exploited in the wild.

How does that make sense?
The NSA discovering a bug but not publicising it leaves the world no different to if the NSA had never found it, or if there had been no NSA.

The NSA knew about this 2 years ago... the bug popped up 2 years ago... I don't think it takes a tin foil hat to put them together here

That the NSA is much better at finding software vulnerabilities than the open source community?

Plus: You don't know that the NSA knew about it two years ago. You know that a reporter says that two unnamed sources say that the NSA knew about it about two years ago.

My game theory, based on evidence, tells me I should not believe the NSA or anyone representing this organization.

https://www.youtube.com/watch?v=4v7YtTnon90

zolace

sr. member

Activity: 364

Merit: 250

How do we know there isn't a new security "flaw" or "bug" that will capture you login and password when you change it? and this is NSA way for getting everyone to change their password so they can capture it?

Wipeout2097

sr. member

Activity: 840

Merit: 255

SportsIcon - Connect With Your Sports Heroes

Quote from: harkonnen on April 12, 2014, 05:53:10 AM

Quote from: Wipeout2097 on April 12, 2014, 05:32:37 AM

Quote from: murraypaul on April 12, 2014, 05:23:17 AM

Quote from: cooldgamer on April 11, 2014, 06:13:54 PM

Quote from: murraypaul on April 11, 2014, 04:56:12 PM

Quote from: Equate on April 11, 2014, 04:37:46 PM

No wonder many critical bugs are still unpatched and being exploited in the wild.

How does that make sense?
The NSA discovering a bug but not publicising it leaves the world no different to if the NSA had never found it, or if there had been no NSA.

The NSA knew about this 2 years ago... the bug popped up 2 years ago... I don't think it takes a tin foil hat to put them together here

That the NSA is much better at finding software vulnerabilities than the open source community?

Of course it is! It's part of the well paid job of thousands of very high grade professionals.

The open source community writes code "for fun". Squashing those last bugs is time consuming and boring.

Code quality tends to be higher when it's fun to code. When you work for the money, have to meet the deadline, have to work on the project you don't really have passion for it degrade overall code quality.
Plus source codes of free software / open source are open. And it's been proven that programmers tend to produce better code with good documentation, and pay more attention to details without derails(work around and hacks). Because people are watching what you've done, you will go back to your work for typos and grammars.

Ok, but that has barely anything to do with my point. Note that I'm not saying if NSA is better at writing code than the open source community, or not. The "comparison" is made between NSA hackers/exploiters ability to crack vs OSS developers to plug holes, not OSS vs commercial devs, neither NSA vs Defcon participants. It's somewhat apples and oranges comparison, yes, but that is what I'm replying to.

murraypaul

sr. member

Activity: 476

Merit: 250

Quote from: harkonnen on April 12, 2014, 05:53:10 AM

And it's been proven that programmers tend to produce better code with good documentation, and pay more attention to details without derails(work around and hacks). Because people are watching what you've done, you will go back to your work for typos and grammars.

As you don't have access to the source code to non-open-source projects to compare, that is really more of an article of faith than actually proven, isn't it?

harkonnen

full member

Activity: 210

Merit: 100

Quote from: Wipeout2097 on April 12, 2014, 05:32:37 AM

Quote from: murraypaul on April 12, 2014, 05:23:17 AM

Quote from: cooldgamer on April 11, 2014, 06:13:54 PM

Quote from: murraypaul on April 11, 2014, 04:56:12 PM

Quote from: Equate on April 11, 2014, 04:37:46 PM

No wonder many critical bugs are still unpatched and being exploited in the wild.

How does that make sense?
The NSA discovering a bug but not publicising it leaves the world no different to if the NSA had never found it, or if there had been no NSA.

The NSA knew about this 2 years ago... the bug popped up 2 years ago... I don't think it takes a tin foil hat to put them together here

That the NSA is much better at finding software vulnerabilities than the open source community?

Of course it is! It's part of the well paid job of thousands of very high grade professionals.

The open source community writes code "for fun". Squashing those last bugs is time consuming and boring.

Code quality tends to be higher when it's fun to code. When you work for the money, have to meet the deadline, have to work on the project you don't really have passion for it degrade overall code quality.
Plus source codes of free software / open source are open. And it's been proven that programmers tend to produce better code with good documentation, and pay more attention to details without derails(work around and hacks). Because people are watching what you've done, you will go back to your work for typos and grammars.

Wipeout2097

sr. member

Activity: 840

Merit: 255

SportsIcon - Connect With Your Sports Heroes

Quote from: murraypaul on April 12, 2014, 05:23:17 AM

Quote from: cooldgamer on April 11, 2014, 06:13:54 PM

Quote from: murraypaul on April 11, 2014, 04:56:12 PM

Quote from: Equate on April 11, 2014, 04:37:46 PM

No wonder many critical bugs are still unpatched and being exploited in the wild.

How does that make sense?
The NSA discovering a bug but not publicising it leaves the world no different to if the NSA had never found it, or if there had been no NSA.

The NSA knew about this 2 years ago... the bug popped up 2 years ago... I don't think it takes a tin foil hat to put them together here

That the NSA is much better at finding software vulnerabilities than the open source community?

Of course it is! It's part of the well paid job of thousands of very high grade professionals.

The open source community writes code "for fun". Squashing those last bugs is time consuming and boring.

murraypaul

sr. member

Activity: 476

Merit: 250

Quote from: cooldgamer on April 11, 2014, 06:13:54 PM

Quote from: murraypaul on April 11, 2014, 04:56:12 PM

Quote from: Equate on April 11, 2014, 04:37:46 PM

No wonder many critical bugs are still unpatched and being exploited in the wild.

How does that make sense?
The NSA discovering a bug but not publicising it leaves the world no different to if the NSA had never found it, or if there had been no NSA.

The NSA knew about this 2 years ago... the bug popped up 2 years ago... I don't think it takes a tin foil hat to put them together here

That the NSA is much better at finding software vulnerabilities than the open source community?

Plus: You don't know that the NSA knew about it two years ago. You know that a reporter says that two unnamed sources say that the NSA knew about it about two years ago.

Wilikon

legendary

Activity: 1176

Merit: 1001

minds.com/Wilikon

Quote from: murraypaul on April 11, 2014, 04:56:12 PM

Quote from: Equate on April 11, 2014, 04:37:46 PM

No wonder many critical bugs are still unpatched and being exploited in the wild.

How does that make sense?
The NSA discovering a bug but not publicising it leaves the world no different to if the NSA had never found it, or if there had been no NSA.

Supposedly the NSA's mission is about protecting, not just spying on the US citizen. Lots of companies are American paying taxes, taxes helping the NSA's employees. But It needs to spy, not to protect thus making everyone exposed to the bug.

Because it is its nature. We are the frog, NSA is the scorpion on our back.

cooldgamer

legendary

Activity: 1218

Merit: 1003

We are the champions of the night

Quote from: murraypaul on April 11, 2014, 04:56:12 PM

Quote from: Equate on April 11, 2014, 04:37:46 PM

No wonder many critical bugs are still unpatched and being exploited in the wild.

How does that make sense?
The NSA discovering a bug but not publicising it leaves the world no different to if the NSA had never found it, or if there had been no NSA.

The NSA knew about this 2 years ago... the bug popped up 2 years ago... I don't think it takes a tin foil hat to put them together here

murraypaul

sr. member

Activity: 476

Merit: 250

Quote from: Equate on April 11, 2014, 04:37:46 PM

No wonder many critical bugs are still unpatched and being exploited in the wild.

How does that make sense?
The NSA discovering a bug but not publicising it leaves the world no different to if the NSA had never found it, or if there had been no NSA.

Equate

hero member

Activity: 770

Merit: 500

No wonder many critical bugs are still unpatched and being exploited in the wild.

Wilikon

legendary

Activity: 1176

Merit: 1001

minds.com/Wilikon

Quote from: cooldgamer on April 11, 2014, 03:41:10 PM

It gets worse every day...

I have spent the last 2 hrs resetting and changing all my passwords on the concerned sites. Here is a list. This should be on every section of bitcointalk.

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

http://mashable.com/search/?t=stories&q=heartbleed

cooldgamer

legendary

Activity: 1218

Merit: 1003

We are the champions of the night

It gets worse every day...

Wilikon

legendary

Activity: 1176

Merit: 1001

minds.com/Wilikon

Proof that, if it knows about that missing plane position thanks to its spy satellites and other means, the NSA will NEVER share that information to save lives.

Wilikon

legendary

Activity: 1176

Merit: 1001

minds.com/Wilikon

http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html

Topic: NSA Said to Have Used Heartbleed Bug, Exposing Consumers (Read 684 times)