**NSA Said to Have Used Heartbleed Bug, Exposing Consumers
**
[FONT=arial]The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.
[/FONT]
[FONT=arial]The NSA’s decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts.[/FONT]
Heartbleed appears to be one of the biggest glitches in the Internet’s history, a flaw in the basic security of as many as two-thirds of the world’s websites. Its discovery and the creation of a fix by researchers five days ago prompted consumers to change their passwords, the Canadian government to suspend electronic tax filing and computer companies including Cisco Systems Inc. to Juniper Networks Inc. to provide patches for their systems.
Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost. Millions of ordinary users were left vulnerable to attack from other nations’ intelligence arms and criminal hackers.
Posting the quote here in Soabbox without offering any opinion might be seen as the act of an “agent provocateur”. Perhaps the idea crossed your mind that the NSA might have fixed the bug. lol!
Well this is nice, I posted something long here but the forums bugged out and decided to erase it all and returned me to an empty page with nothing in it.
In short; NSA knew about it for years as did most certainly other agencies and worst of all - criminals.
Very annoying when it happens, and unlucky. I’ve had that. The only way to avoid totally is to compose off line and copy into post. Sometimes for longer posts I copy to clipboard, and sometimes that persists across the failure, and copied into a new post. It can be the case if one starts afresh, the paraphrased version is briefer and more to the point.
In short; NSA knew about it for years as did most certainly other agencies and worst of all - criminals.
Criminals will exploit any loophole. Here the Police Service is supposed to protect the public from criminal activity, but they are unlikely IMO to uncover exploitable software components. It would have to be a really, really serious crime to justify the forensic work involved. I don’t think the NSA or security services generally are in place to protect us in that way. Where were all the so-called professional security hackers and expert companies?
Surely, the responsibility lies with the owning software project and the coders. They unwittingly gifted the NSA and others with a useful tool as an advantage over their enemies or at least equivalence in capability.
> Well this is nice, I posted something long here but the forums bugged
> out and decided to erase it all and returned me to an empty page with
> nothing in it.
>
Plus it’s a problem with this forum and nowhere else. This is the only forum I have ever ran into this issue anywhere on the web and trust me, I post a lot.
I tend to copy/paste for exactly these occaisions (which happen every now and again). In fact, I do this for any web-based input, where I value what I’ve typed and don’t wnat to have to recreate it for any reason.
Big freaking surprise. State intelligence agencies are not the Charitable Sisters of the Holy Cross, they are people specialised in dirty tricks to further their employers’ (i.e. the State they work for) power and knowledge. Anything is fair game as long as it’s not in the open. We the people have a right to be kept innocently unaware of that and go on with our daily lives in the most honorable way.
The “Three Wise Monkeys” approach to civilization.
It tends to backfire when a State faces a free Press and the “anything” appears in the public domain. It can also lead to international sanctions and adversely affect a State’s economy. That tends to set some moral limits, but I wouldn’t want to get into any specific examples here on the forum (i.e. politics, beliefs, etc not being allowed).
it appears to me that the bulk of topics centered around what we might have called in school, “humanities”, is considered “off-topic” or even “forbidden” on virtually all GNU/Linux forums, such as this one and others on which I am occasionally posting. It’s even dangerous to discuss Stallman’s views on here, without risk of the censor, what an irony.
Most of us claim to dislike the NSA, but at the same time we use Kindles, a.k.a “Swindles”, smart phones, Google, Facebook, Twitter, etc., etc., and somehow accept a level of corporate influence and interference in our lives that a mere 20 years, we would find absolutely unbelievable and appalling. Lets not exaggerate the nefariousness of the NSA until we are willing to let go of our Android, Apple & Blackberry devices and go back to the life, we of a certain age group, all thought perfectly normal and acceptable a mere 25 years ago. People claim that they seek anonymity, but behavior says otherwise.
On Sun, 13 Apr 2014 10:56:01 +0000, consused wrote:
> but I wouldn’t want to get into any specific examples here
> on the forum (i.e. politics, beliefs, etc not being allowed).
Thank you, that’s appreciated - and a good reminder for other
participants in this thread (though “beliefs” should be replaced with
“religion” to be “correct”).
It’s curious how people of a “humanistic” education tend to view the world so differently from scientist and techies (and yes, science and tech are are not the same, they require different mindsets). I think this can be discussed here, without getting into specifics.
That’s it. We humans are lazy and tribal, and our actions reflect that.
On 2014-04-14, Karmovorotin <Karmovorotin@no-mx.forums.opensuse.org> wrote:
> BSDuser;2636725 Wrote:
> world so differently from scientist and techies (and yes, science and
> tech are are not the same, they require different mindsets).
Not really. I’m a scientist, and I can tell you that a scientific methodologist without technological development makes
a bad scientist as much as technological developer without scientific methodology makes a bad techie.
True, but even then the focus must be distinct. Scientists are driven more out of curiosity, we techies have a less idealistic outlook. Still, the difference as you well said is minor.
Not sure I get that wrt curiosity? Perhaps you trying to draw the distinction where some science may only have theoretical value i.e. increase in knowledge, whereas technology mostly has practical value i.e. it’s usually put to work.
On Mon, 14 Apr 2014 08:26:01 +0000, Karmovorotin wrote:
> BSDuser;2636725 Wrote:
>> it appears to me that the bulk of topics centered around what we might
>> have called in school, “humanities”, is considered “off-topic” or even
>> “forbidden” on virtually all GNU/Linux forums, such as this one and
>> others on which I am occasionally posting. It’s even dangerous to
>> discuss Stallman’s views on here, without risk of the censor, what an
>> irony.It’s curious how people of a “humanistic” education tend to view
>> the
> world so differently from scientist and techies (and yes, science and
> tech are are not the same, they require different mindsets). I think
> this can be discussed here, without getting into specifics.
Yes, science and tech (minus politics) is fine.
Our FAQ explains why the topics of politics and religion are off-limits
here. It’s not “censorship”, its “proactive community management” - we
want to keep things friendly and civil here, and discussions about
politics and religion tend to get ugly REALLY fast.
Talking about Stallman’s views here is fine, as long as it doesn’t stray
into politics or religion. (Stallman’s views can be divorced from his
politics, but it can be a fine line to walk - and we understand that.
That’s why we tend to warn rather than start with the ‘ban hammer’.)
I don’t know where you got that the staff here has a “humanistic”
education - I’m a techie at heart, have been for my entire adult life. I
daresay I understand the issues probably better than most. But I also
understand that a community that is fighting, engaging in ad-hominem
attacks (which discussions about politics/religion usually end up with -
just read the comments section of pretty much any news site to see how
people behave when they can hide behind anonymity and no moderation), and
otherwise being generally unpleasant.
We ask that the membership respect the “rules of the road” here. There
are plenty of places on the 'net to talk about politics and religion if
you want. This isn’t one of them.