A love letter to the NSA agent who is monitoring my online..
Goto page Previous  1, 2
 
Post new topic   Reply to topic    lain.the-wired.com Forum Index -> Politics and News
View previous topic :: View next topic  
Author Message
Marcus Brody
The Dog


Joined: 09 Jan 2004
Posts: 10599
Location: floating bumpercar

PostPosted: Sat Apr 12, 2014 1:44 pm    Post subject: Reply with quote

Bulkoth wrote:
Marcus Brody wrote:
http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html


the only evidence he gives in the entire article that they had any idea it was there is this "two people familiar with the matter said."

I know keeping sources confidential is a big matter in journalism but just finding 2 blokes who claim they know is not enough in my book.

There has been a security firm working to see if exploiting this bug is even possible, and so far on any server with sufficient traffic and memory as to not be more than 10 years old at this stage they cannot retrieve anything useful without a ddos style attempt to retrieve large buffers of incomplete data with no ordering.

I'm not saying the bug is no big deal but that article presents nothing to even suggest they attempted to exploit the issue or that there was a decision made to not report it.


That's kind of the problem with reporting on the NSA -- nameable, non-PR sources are rare (Snowden and...?), and sources in general are usually asking for a prison sentence if they let their name be used. So the only thing we can do is evaluate the information and its source (Bloomberg isn't really a chumpmeat magazine) and decide whether it seems plausible, given their usual behavior. I'm inclined to believe that this is true.
Back to top
View user's profile Send private message
Raptor
Sprints McGee


Joined: 04 Jan 2004
Posts: 5567
Location: The Wired

PostPosted: Sat Apr 12, 2014 8:12 pm    Post subject: Reply with quote

You're just wrong. I ran simply poc code and retrieved plenty of useful data.
You can do it too if you need to see it first hand.

_________________
The voices are back, excellent.


Last edited by Raptor on Wed Apr 16, 2014 4:28 pm; edited 1 time in total
Back to top
View user's profile Send private message Send e-mail
Raptor
Sprints McGee


Joined: 04 Jan 2004
Posts: 5567
Location: The Wired

PostPosted: Wed Apr 16, 2014 4:28 pm    Post subject: Reply with quote

Also, Cloudflare was wrong too. Not only about the key exposure, but their patch from months ago was also flawed. I suspect their article was why you had the impression that it wasn't possible.

http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed


I also think it was fairly irresponsible of them to find a vulnerability, patch their systems, but not disclose it to anyone. It didn't pay off for them, whatever their intentions were.

_________________
The voices are back, excellent.
Back to top
View user's profile Send private message Send e-mail
Raptor
Sprints McGee


Joined: 04 Jan 2004
Posts: 5567
Location: The Wired

PostPosted: Fri Jun 27, 2014 2:40 pm    Post subject: Reply with quote



http://www.wired.com/2014/06/protestors-launch-a-135-foot-blimp-over-the-nsas-utah-data-center/

_________________
The voices are back, excellent.
Back to top
View user's profile Send private message Send e-mail
Marcus Brody
The Dog


Joined: 09 Jan 2004
Posts: 10599
Location: floating bumpercar

PostPosted: Fri Jun 27, 2014 3:01 pm    Post subject: Reply with quote

Haha...brilliant.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    lain.the-wired.com Forum Index -> Politics and News All times are GMT - 5 Hours
Goto page Previous  1, 2
Page 2 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



Powered by phpBB © 2001, 2002 phpBB Group // DustyGreen Theme 1.0.2 By Gil