NSA Director Says Agency Shares Most, But Not All, Bugs It Finds 170
Trailrunner7 writes: When the National Security Agency discovers a new vulnerability that looks like it might be of use in penetrating target networks, the agency considers a number of factors, including how popular the affected software is and where it's typically deployed, before deciding whether to share the new bug. The agency shares most of the bugs it finds, NSA Director Mike Rogers said, but not all of them.
Speaking at an event at Stanford University, Rogers said that the NSA has been told by President Barack Obama that the default decision should be to share information on new vulnerabilities "The president has been very specific to us in saying, look, the balance I want you to strike will be largely focused on when you find vulnerabilities, we're going to share them. By orders of magnitude, when we find new vulnerabilities, we share them," Rogers said.
Speaking at an event at Stanford University, Rogers said that the NSA has been told by President Barack Obama that the default decision should be to share information on new vulnerabilities "The president has been very specific to us in saying, look, the balance I want you to strike will be largely focused on when you find vulnerabilities, we're going to share them. By orders of magnitude, when we find new vulnerabilities, we share them," Rogers said.
That sounds nice... (Score:5, Insightful)
That sounds good. Except for one tiny thing:
I DON'T BELIEVE YOU.
Re:That sounds nice... (Score:4, Insightful)
Re: (Score:2)
Exactly. With their culture and policy of black box secrecy and the number of times they've been caught lying both to the public, as well as to their supposed bosses (congress, senate, president) is there anyone left dumb enough to believe anything they say?
I think you answered that yourself: congress, senate, president
That sounds nice... (Score:3, Insightful)
They only report the bugs they find, not the ones they create.
Re: (Score:2)
I believe him. Here my interpretation of what he said: "We share all bugs we find with large corporations except a small number of 0-day exploits for each system that we keep to ourselves and always up-to-date."
Re: (Score:2)
Well, you see, it is all down to the literal interpretation of the words used. "we share the bugs we find", now exactly what does that mean, does it mean they detail the bugs and provide a solution to the company that produces the software or do the 'share' the bug by creating a exploit and 'sharing' the consequence's of that bug with as many people as possible. You can bet you bottom US$ that when it comes to all foreign countries, screw allies, the second version of sharing is much preferred and when it
Re: (Score:2)
But they never lie. And they're always right.
Re: (Score:3)
That sounds like something Yogi Berra would say.
Re: (Score:2)
Re: (Score:2)
Alright, fair enough.
Number is irrelevant compared to severity (Score:5, Insightful)
By orders of magnitude, when we find new vulnerabilities, we share them
Number is irrelevant compared to severity, and you can be damn sure they keep the severe ones to themselves.
Re:Number is irrelevant compared to severity (Score:4, Insightful)
Exactly. They need only a handful of the most juicy vulnerabilities.
Besides, that we are having this whole discussion is ridiculous. "Yeah, know a bunch of secrets that we could use to crack into your computer...but we do reveal most of them -- honest!"
Re:Number is irrelevant compared to severity (Score:4, Insightful)
By orders of magnitude, when we find new vulnerabilities, we share them
Number is irrelevant compared to severity, and you can be damn sure they keep the severe ones to themselves.
Assuming this wasn't a bold faced lie. Which it more than likely was.
Assume that this statement was made for some other carefully designed purpose.
Re: (Score:2)
The NSA's mandate includes both data penetration and data protection! For this reason, I suspect it's not the severity, but the obscurity that matters. A vulnerability that's easy to find is going to make government machines easier to penetrate, so they're likely to want to close them. A vulnerability that requires standing on one leg while juggling two white cats and wearing a clown nose is something they can keep to themselves, because it's so unlikely that anyone else will stumble across it.
Re: (Score:2)
A vulnerability that requires standing on one leg while juggling two white cats and wearing a clown nose is something they can keep to themselves, because it's so unlikely that anyone else will stumble across it.
...and they have an ample supply of cats and clown noses.
Re: (Score:2)
Most. But not all. (Score:1)
In other news: "Most of our citizens are as free as in America, North Korea's supreme commander Kim Jon Un said, but not all of them."
Trust me (Score:2)
And why should we believe what Rogers says?
Re: (Score:2)
The truth is that they value their ability to penetrate ANY system higher than protecting Americans.
Your flawed logic is premised on the assumption that the ability to penetrate an adversary's computer isn't at times necessary in order to protect Americans. It is also premised on the assumption that they do not monitor for adversaries using the withheld flaws.
To what Standard? (Score:4, Insightful)
To what standard do you hold the US government as opposed to other governments? You can be damn sure that every other intelligence agency is doing exactly the same thing... but you're criticizing NSA why exactly?
My government protects me as I expect your government to protect you. Can't believe I'm going to do this... quoting blacklist quoting orwell, because i've certainly never read the mans essays myself, “Those who abjure violence can only do so by others committing violence on their behalf.”
I laughed at the Merkel spying thing... as if they didn't expect us to get as much information as possible, and as if we didn't expect them to return the favor. Faux outrage over common practices. IMO. If you don't want your leaders getting spied on... spend more money on your own agencies.
Re:To what Standard? (Score:4, Insightful)
Re:To what Standard? (Score:5, Insightful)
In that yes, if a vulnerability does not afford strategic value internationally, yeah, release it if it'll increase public security. But i'm inclined to believe we'd all agree that there's a cost benefit going on.
If it lets you spy on the iranians... or you know, cause their centrifuges to spin themselves apart. I don't want my intelligence agencies to release that vulnerability until they've spun those fuckers down.
It's really not in the NSA's job description to be exposing vulnerabilities in public systems so much as exploiting them. We don't have an agency whose job description touches cyber security.
Re:To what Standard? (Score:5, Interesting)
If it lets you spy on the iranians... or you know, cause their centrifuges to spin themselves apart. I don't want my intelligence agencies to release that vulnerability until they've spun those fuckers down.
You do realize that your statement here completely misses their point, right? How naive are you that you think only the NSA knows about these vulnerabilities? You really think criminals and other countries like China don't also know them and aren't using them against corporations and individuals in the US?
It's really not in the NSA's job description to be exposing vulnerabilities in public systems so much as exploiting them. We don't have an agency whose job description touches cyber security.
Hahahaha. That's so wrong it's hilarious. A central tent of the NSA's mission is to protect the security of the networks in this country.
Re: (Score:3, Informative)
That's not what he said. He said specifically that the NSA's job description isn't to expose vulns, and he's correct. Where he slipped is in saying that there's no agency which handles that. The truth is that this role does belong to US-CERT, and they do it all the time. They also coordinate heavily with NIST's NVD.
Re: (Score:2)
:) i wasn't aware, don't hear much about them :)
Re: (Score:2)
the war is not an international struggle against a foreign enemy, but a perpetual war against her own people.
Given that the NSA got caught red handed basicly spying on everyone in the USA, and then lied about it, its very reasonable to assume they have domestic targets.
The FBI has been caught r
Re: (Score:2)
What the NSA holds back from US OS and US tame telcos is shipped as international standards.
The cyber security tools get handed around for international and domestic use. Australia, Canada, the UK, NZ, then down to the third party nations and some other nations. Thats a lot of local staff using tools, methods, systems everyday on and with US telco and computing standards.
At some time the staff enter the private sector and t
Re: (Score:2)
Both Iran and Saudi are a mess. Pay offs aside, we're only allied with Saudi because Iran decided it hates our guts at the governmental level and we can't simply walk out of the Middle East. It's not really much use to complain about Saudi when we have little choice in the matter.
If Iran wants to come forward and dismantle their nuclear weapons program and come to an agreement with the West, I am sure everyone will be happy to have them join the fold. The ball is entirely in their court. Until then, we
Re: (Score:1)
The issue here is that the NSA went beyond spying on other leaders, and into rampant data collection on US citizens. There are very specific laws about how data can be gathered on US citizens by each part of the spy agencies, and the NSA was acting in aggressive violation of those laws.
Yes, the mock-outrage about US spies knowing how many mistresses the French president keeps is purely political with an effort toward keeping their own populaces ignorant.
Re: (Score:2, Insightful)
meh, i'm not particularly troubled by that, i'm more worried about google knowing everything about me... or facebook. something inherently dirtier about having my information sold for profit... and the whole profit motive strongly implying the spread of such information widely. My government will do a lot of things... but it won't sells what it finds out about me. It'll just sit on it.
Re: (Score:2)
i'm more worried about google knowing everything about me... or facebook. something inherently dirtier about having my information sold for profit...
Why would you worry about it? Google shares all that info with the NSA who you seem to love constantly surveilling your whole life.
Re: (Score:2)
i'm more worried about google knowing everything about me... or facebook.
Well then, you're in luck. You can avoid being spied on by the likes of Google and Facebook. You have no such choice about being spied on by the government.
Re: (Score:2)
To what standard do you hold the US government as opposed to other governments? You can be damn sure that every other intelligence agency is doing exactly the same thing... but you're criticizing NSA why exactly?
Most of the big web services that we are using are located in USA.
Re: (Score:2)
so pay to relocate.
People are and it's going to cost our economy big time.
Re:To what Standard? (Score:5, Interesting)
Doubtful.
Have you seen the economy of the rest of the world? Europe makes US manpower look practically 3rd world, and their energy costs are through the roof. Asia is starting to get expensive for manpower, and the environmental problems they're having are making it hard to attract and retain top global talent because nobody wants shitty water and air. Are you going to go to Russia to avoid domestic spying, 'cause that's not really the first place I think of when I list free and open discourse on privacy matters. Africa...yeah, right.
The US is the worst place to do business, except when you count just about everywhere else in the world. In which case it turns out to be pretty high on the list. And, honestly, it's not really dropping in the rankings.
Re: (Score:3)
Doubtful.
Then you've not been reading the news [venturebeat.com]. This isn't even particularly new news.
Re: (Score:3)
browsed it... the article says that companies that are worried about US tech companies are looking to Chinese companies... with strong ties to the military and government... wtf? Don't they have straight up state sponsored corporate espionage?
Re: (Score:2)
China is run by the Communist Party. There is no need for allegations to be substantiated for a Chinese company, they're more fundamentally at the mercy of the government than even the most cooperative US company is.
China's Free Market existence is at the whim of the same governmental structure that gave you the Great Leap Forward and the Cultural Revolution, they're just a lot less ideological and a lot more technocratic than Mao was. Economics aside, there is almost zero public accountability in China a
Re: (Score:2)
that's the way the cookie crumbles.
So you're definitely trolling. I really doubt you'll be saying the same thing once your job is lost due to lost business.
Those who are were going to do it eventually anyway...
[citation needed] Companies like Cisco have directly attributed lost business to the revelations of the NSA spying. There is no reason to believe such business loss would have happened otherwise.
Re: (Score:2)
And other national companies would lose business if their own spy agencies were exposed.
If it was a French company and the DGSE was exposed as doing this, people might leave that company too.
The thing is... the DGSE is almost certainly doing something similar. As well as most other countries who have spy agencies. And those countries that don't have spy agencies... well they're almost worse because they have no defense against other countries' spy agencies.
Having Cisco move does nobody any good whatsoever
Re: (Score:2)
Economics involving internet business is not and has never been zero sum. Please don't ever post here.
Re: (Score:2)
depends on what aspect you're looking at...
there's a limited customer pool for the same service. If they employ me, they have no incentive to also employ you too.
Re: (Score:2)
Why would you think they're all exactly the same or even similar? Usually when you compare countries you find that there is a large scatter in whatever metric you choose to use. Why should espionage be any different? Do you have any reason to think the scatter would be less than a factor of 2, or a factor of 5 or a factor of 20? If I were to hazard a guess, I would expect it to show similar variability as military budgets do (and I wouldn't be surprised to see a large covariance between the two). But I don'
Re: (Score:2)
i don't. but i also believe you get what you pay for... sometimes. We turn around and germany's been spying on brazil.
We are nations of men, not angels. I don't believe for a second that any nation is so pure that given the resources they would not be doing exactly the same thing.
name any country you can think of, and i'll name the country they'd give their eyeteeth to know everything about.
Re:To what Standard? (Score:5, Insightful)
To what standard do you hold the US government as opposed to other governments?
The standard it proclaims for itself about being a beacon of freedom oh and that whole "Land of the free. Home of the brave" stuff.
You can be damn sure that every other intelligence agency is doing exactly the same thing... but you're criticizing NSA why exactly?
Because the US holds itself up as being morally superior to others? Because its Head of State is proclaimed to be the "Leader of the Free World" in hilariously Orwellian doublespeak.
My government protects me as I expect your government to protect you.
Dictatorships always proclaim this. That they only do what they do for the "good of the people".
I laughed at the Merkel spying thing... as if they didn't expect us to get as much information as possible, and as if we didn't expect them to return the favor.
Will you continue laughing when your allies no longer want to come to your aid because you treat them no differently than enemies?
Re: (Score:2)
Sorry, but no one is going to leave NATO for this. They have to act shocked because it is expected. If they could get a bug in the Oval Office, they would. And I wouldn't expect them to act any differently.
"Strained ties" is certainly not positive, but its sort of like siblings fighting as children. You're not leaving the family for something like that. If you look at history, real alliance failure requires something fundamental at its core like hard resource or economic factors, and this doesn't chang
Re: (Score:2)
To what standard do you hold the US government as opposed to other governments? You can be damn sure that every other intelligence agency is doing exactly the same thing... but you're criticizing NSA why exactly?
What standard you ask?
Most other countries do not uphold and swear by the same Constitution that the US does. That's why.
Perhaps other intelligence agencies are doing the same thing. Then again, perhaps those countries do not have such protections as the 4th Amendment. Or the 1st. Or the 2nd to help ensure the rest of it doesn't go to shit.
And I cannot believe I still have to explain that to people. If you want to forget about everything you learned in history class that's fine. But at least remember
Re: (Score:2)
... wait so which amendment guarantees that my meta-data isn't going to be recorded en-masse? or that foreign nationals can't be spied on?
Re: (Score:2)
... wait so which amendment guarantees that my meta-data isn't going to be recorded en-masse? or that foreign nationals can't be spied on?
Ah, you are clearly the one here who continues to support and allow your government to specifically and exactly define "meta-data" as something that can bypass the 4th Amendment, not me.
Foreign nationals are not the greater cause of concern here. Somewhat "legitimized" spying has been going on for a very long time against external entities. Only with the advent of abusive laws cast in the faceless shadow of "terrorism" do we find all our own citizens being spied on en masse and in automated fashion.
And c
Re: (Score:2)
because your will is not the will of the american people. neither is mine.
i'm not particularly concerned about the wiretaps... because i have nothing to hide in that regard. The anonymity of being one of 300 million people. What i have to say is no better or worse than the average joe next door. It is not an erosion of my civil liberties that the government knows who i'm talking to. I only believe in the right of privacy in so much as it concerns due process.
I don't believe in a faceless government "ou
Re: (Score:2)
because your will is not the will of the american people. neither is mine.
i'm not particularly concerned about the wiretaps... because i have nothing to hide in that regard. The anonymity of being one of 300 million people. What i have to say is no better or worse than the average joe next door. It is not an erosion of my civil liberties that the government knows who i'm talking to. I only believe in the right of privacy in so much as it concerns due process.
I don't believe in a faceless government "out to get me" because ultimately, i believe that it is composed of individuals just like you and me and similarly motivated as you and me. I believe in human goodness, human logic and human greed. And the greed thing is a bit more disconcerting in respect to large corporations. If the people are greedy, they don't go in for government work :).
I'm concerned about a lot of things my government does, but spying on me isn't really one of them.
Apparently even the proponents of the right to privacy don't use the 4th as an argument for. all the protections of the bill of rights were regarding actions taken to infringe them, not knowledge.
When the government retains the ability to accuse someone by mistake simply due to the massive amount of information they collect on every citizen, it's rather disturbing.
Here's a good example. Talk to anyone who has ever been accidentally added to the no-fly list. They have zero recourse to try and understand why they were, or get the issue corrected. It's funny you mention due process, since that was pretty much fucked the instant the government started assuming everyone might just be some kind of terr
Re: (Score:2)
well that's slightly disturbing, and they should correct that.
don't throw the baby out with the bathwater.
Re: (Score:2)
well that's slightly disturbing, and they should correct that.
It's only slightly disturbing? Well, I guess that's why we don't have a cure for Ebola. After all, it's only been slightly disturbing to first world countries.
To be fair, you probably would have a different viewpoint if you had to go stand on the floor of Congress to try and plead your case of mistaken terrorist identity. You'll probably hound them to find out why you were flagged as a terrorist, which they'll refuse to disclose based on "National Security". Perhaps you'll go home and start blogging abo
Re:To what Standard? (Score:4, Insightful)
To what standard do you hold the US government as opposed to other governments? You can be damn sure that every other intelligence agency is doing exactly the same thing... but you're criticizing NSA why exactly?
For two reasons: The NSA is part of my own government, and the other governments aren't, and the US government is in a position to cause me a lot more harm than other governments are. That other nations may be doing the same thing is irrelevant to the issue at hand. We cannot set our standards of freedom and liberty based on the global lowest common denominator.
Re: (Score:2)
I think it is great that the NSA has an incentive to find exploits for intelligence gathering purposes. The incentive is then problematic for the greater good of national security because there is a perverse incentive to not fix the security vulnerabilities so the NSA can continue to exploit them. If we were talking about vulnerabilities that only affected foreign systems that would be one thing, but we are often talking about vulnerabilities in key US IT infrastructure that is potentially going unfixed.
Re: (Score:2)
it's a cost benefit. what's the risk to the american public from a vulnerability versus the gain from exploiting it. money money money vs security security security
Re: (Score:3)
it's a cost benefit. what's the risk to the american public from a vulnerability versus the gain from exploiting it. money money money vs security security security
Assume foreign intelligence knows what you know and the only advantage might be that you know it first.
I don't think working with the developers to fix vulnerabilities is about money while keeping secrets is about security. It is about weighing the risk to national security in leaving American IT infrastructure and individuals vulnerable to exploits versus your own ability to exploit the vulnerabilities for foreign intelligence gathering. The problem is that there will be a bias in the analysis which will
Re: (Score:2)
good point, never considered the incentives in that light.
my money money money, was about financial risk and loss. Basically credit card theft and corporate espionage.
security security security was kinda self evident :)
Re: (Score:2)
To what standard do you hold the US government as opposed to other governments?
A much higher standard, since I am actually supposed to be able to influence my Government. In fact it is my constitutional right to influence my Government, and my civic duty to do so. I have no constitutional rights to influence Cuba, or DPRK, or any other Government. Further, it is hoped that our Government functions so well that we are the model for others to adopt.
You can be damn sure that every other intelligence agency is doing exactly the same thing... but you're criticizing NSA why exactly?
The old "Two wrongs don't make a right" pops immediately to mind, but let us go a step further. The job of my Government is to protect m
Re: (Score:2)
the relevance of the quote is that we can afford to be upset by the actions that our government takes, because they have taken them before on our behalf.
My protection does not necessarily mean my absolute privacy.
I will be the first to admit that i don't know all the ramifications of domestic surveillance. But i trust in our form of government and our judicial system to muddle through. Each new decade brings with it new challenges. Our understanding of how we interact with each other and how the governme
Re: (Score:2)
I will be the first to admit that i don't know all the ramifications of domestic surveillance
All i say is, I like my country, but I view my government as a collection of well-intentioned individuals with all the flaws that that entails.
I'm glad you admit your ignorance, but the second quote is a fools belief. If you believe that all people in authority are well intentioned, you really have not paid any attention to the world you live in.
Perhaps _you_ have not been abused (to your knowledge) but countless other people have been abused by these so called "well intentioned" people. You only have to read a bit to find what I'm referring to.
Re: (Score:2)
fine, a collection of well-intentioned individuals with some bad apples sprinkled in. It may be willful delusion, but i prefer to view my society as one that striving to be better, as opposed to one on the brink of collapse.
That i have not been abused (to my knowledge) seems to be indicative that I am living in a society that for the most part is better than many of the ones i could have lived in before.
We're arguing about domestic surveillance... as opposed to outright oppression. About the state of our
Re: (Score:2)
Re: (Score:2)
My government protects me as I expect your government to protect you. Can't believe I'm going to do this... quoting blacklist quoting orwell, because i've certainly never read the mans essays myself, “Those who abjure violence can only do so by others committing violence on their behalf.”
We live in a representative Democracy -- we are NOT SUPPOSED TO TRUST OUR GOVERNMENT. We are supposed to be informed and we decide. If I can't handle the truth -- then the truth is that someone got out of hand and was doing the wrong thing.
Security is when people have hope and opportunity -- the only reason you need to spy on people is if you plan to cheat and manipulate them. Unenlightened people think that everyone is untrustworthy and cannot handle the truth -- because they are projecting their own issue
Re: (Score:2)
My government protects me as I expect your government to protect you.
Your government does not protect you and my government does not protect me. Our governments protect themselves and their direct money streams. If either of us happen to be part of the government or part of the direct money stream, we enjoy fairly good protection.
As citizens, we are a herd to be slaughtered. No single one of us is of any importance and we will not be defended unless our respective government sees a direct advantage for itself in doing so.
Why are you telling the truth this time? (Score:1)
Honestly, why should we believe you this time? After all the lies, after breaking the law, after your mass data collections... What possible reason should we have to believe you?
Re: (Score:2)
What reason do they have to lie? They've just told you that they keep the cream of the crop for themselves, and they let all the little fish go (sorry for the mixed metaphor). Keeping just one in a hundred exploits would be sufficient. If you get to pick the very best, the most obscure, and you let the community close the rest, that seems to work in their favor.
Double speak (Score:5, Interesting)
So I assume all the deliberately introduced vulnerabilities are excluded from the tally because they technically "did not find them" ?
Re: (Score:3)
Or perhaps most of their bug searching is done by subcontractors, so it's not technically the NSA finding any of them.
Re: (Score:3)
> "By orders of magnitude, when we find new vulnerabilities, we share them"
I wonder how many ways they've thought of to misclassify freshly discovered vulnerabilities as old.
Useless (Score:2)
That's like saying most, but not all, chain links are made of steel. I'd still not want to rely on that chain.
Or would you want to buy a castle that has 3 well secured walls and one made out of plywood?
A short reminder (Score:5, Informative)
"(TS//SI//REL) DEITYBOUNCE provides software application persistence on Dell PowerEdge servers by exploiting the motherboard BIOS and utilizing System Management Mode (SMM) to gain periodic execution while the Operating System loads."
"(TS//SI//REL) This technique supports multi-processor systems with RAID hardware and Microsoft Windows 2000, 2003, and XP. It currently targets Dell PowerEdge 1850/2850/1950/2950 RAID servers, using BIOS versions A02, A05, A06, 1.1.0, 1.2.0, or 1.3.7."
"(TS//SI//REL) Through remote access or interdiction, ARKSTREAM is used to reflash the BIOS on a target machine to implant DEITYBOUNCE and its payload (the implant installer). Implantation via interdiction may be accomplished by nontechnical operator through use of a USB thumb drive. Once implanted, DEITYBOUNCE's frequency of execution (dropping the payload) is configurable and will occur when the target machine powers on."
https://www.schneier.com/blog/archives/2014/01/nsa_exploit_of.html
So there was an explot on the BIOS of Dell Power Edge servers, and it allowed them to re-flash the bios with their own code, and they didn't disclose that, they kept it secret to use for themselves, and every semi-tech country like China and Russia to use, undermining Dell, one of the major US exporters.
Well f*** you, NSA.
Look at the lastest disclosure, GCHQ can spy on Americans via commercially obtained data and access to the NSA database, NSA must be aware of this and does nothing because GCHQ is in 5-eyes and so they get the data too. So regardless of how Congress and the Courts rules, NSA can bypass that decision.
What's happening within the NSA is they follow a cult, the cult of General Alexander, and so there is the laws of the USA, and the laws of the EU and there is the cult, and the cult trumps to the laws, and in doing so it trumps the democracy. The NSA and GCHQ staff need to get their shit together and think for themselves and realize they pose the biggest threat to the free world.
How do we know... (Score:3)
... when the NSA is lying to us?
A: Anytime their lips are moving.
Condoms (Score:2)
The condom stopped most, but not all of the sperm.
NSAs impossible mission (Score:4, Insightful)
The NSA has a dual mission of information assurance–protecting American networks–and signals intelligence–gathering electronic data on foreign networks.
Unfortunately for them, both American networks and foreign networks use the same software. So their mission is "make sure nobody can get in that safe, including you" and also "break into that safe." This is a no win situation.
Which should be split out into two agencies (Score:2)
There shouldn't be just one organization with those two jobs. There should be an open, well-funded office in, say the National Institute for Standards and Technology [nist.gov] that searches for vulnerabilities and has a responsible disclosure policy for everything it finds.
The Government has had this problem before - there used to be one body that handled both promotion and regulation of atomic energy in the US, the US Atomic Energy Commission [wikipedia.org]. In 1974 it got broken up into two agencies, the Nuclear Regulatory Comm
Re: (Score:2)
Why just support other mil and gov needs as requested when the NSA can now plan and run the operation.
NSA 'totalitarian,' ex-staffer tells German parliament
http://www.dw.de/nsa-totalitar... [www.dw.de]
Binney: 'The NSA's main motives: power and money'
http://www.dw.de/binney-the-ns... [www.dw.de]
"Money. It takes a lot of money, you have to build up Bluffdale [the location of the NSA's data storage center, in Utah] to store all the data. If you collect
Trusting the NSA (Score:2)
They needn't be lying (Score:2)
I can't blame them for that... (Score:2)
Its their job.
I wish they'd stop fucking with civilians but short of that... they can go hog wild with that crap.
Re: (Score:2)
President (Score:3)
The fact that a POTUS would even understand what a software vulnerability is speaks volumes.
I can't even imagine what this conversation would have sounded like with the two previous presidents.
Re: (Score:2)
The fact that a POTUS would even understand what a software vulnerability is speaks volumes.
I can't even imagine what this conversation would have sounded like with the two previous presidents.
I don't know, I can imagine a few dozen ways Dubya would have mispronounced "vulnerabilities"
Share with whom? (Score:2)
He doesn't say.
Safe to assume he meant "share with other intelligence agencies", rather than "share with you"?
Re: (Score:2)
Sounds Legit! (Score:2)
Ok, so what part of that* are you now not sharing with us?
* the answer to this question, vulnerabilities contained therein etc.
Re: (Score:1)
Do you have a citation for that?
Re:Positive spin (Score:5, Funny)
Do you have a citation for that?
Yes. Mike Rogers said they din't do that. Which is tantamount to proof of the contrary.
I'm pretty sure that the guy could end world poverty just by acknowledging its existence.
Re: (Score:2)
And Saddam Hussein definitely has a chemical weapons program because he says he doesn't.
Re: (Score:2)
Same conversation. You're using the same ridiculous "logic" that George W. Bush did. It has some fancy latin fallacy name that I'm not going to look up.
Re: (Score:2)
Chemicals shells from the 80s have been found several times. It was pretty clear that he had chemical weapons in the 80s because he used them against the Kurds and Iranian soldiers.
There has been zero evidence that Iraq was involved in any banned weapons programs after the mid 90s- which is what George W. Bush told us.
Re: (Score:2)
Pieces of various weapons have apparently been found in junkyards around the Middle East (Jordan for one), some with UN tags and some without. A quick Google finds this but there's other information out there including some pictures if memory serves.
http://www.worldtribune.com/wo... [worldtribune.com] A poor citation for sure but there have been others.
Here's a more recent article about weapons being found http://www.nytimes.com/interac... [nytimes.com]
Another http://cjonline.com/stories/09... [cjonline.com] Seems a few missles and chemical processing
Re: (Score:1)
NSA's BULLRUN program [wikipedia.org]
Re: (Score:2)
That page doesn't mention anything about commercial OSes.
Re: (Score:2)
It's worth considering that they were all affected by the NSA's sabotaging of NIST standards.
Re: (Score:3)
You made the claim. You back it up. That's how basic logic works.
I realize that's a foreign concept of Slashdot these days.
Re: (Score:2)
You made the claim. You back it up. That's how basic logic works.
Logic that the NSA director apparently feels doesn't apply to him.
Re: (Score:3)
They lie about everything and it's impossible to prove anything.
The root post says that the NSA had vulnerabilities put into iOS and Windows. That's very provable.
Re: (Score:3)
But even better, do you have any reason to think this is not going on?
Do you have any reason to believe that the government is not secretly controlled by the Pod People? They say they're not, but that's exactly what Pod People would say.
I base my opinions on facts and evidence. You base your opinions on how well they fit into your existing worldview.
And none of those links have anything to do with your original statement.
Re: (Score:2)
Why mess around with user applications when the hardware layer is open?
Just get every message sent, gps, camera, voice, text as entered before an app encrypts.