nanog mailing list archives
Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
From: William Herrin <bill () herrin us>
Date: Fri, 11 Apr 2014 18:31:19 -0400
On Fri, Apr 11, 2014 at 5:56 PM, Matt Palmer <mpalmer () hezmatt org> wrote:
You're assuming that the NSA is a single monolithic entity. IIRC, the offense team and the defense team don't really talk much, and they *certainly* have very different motivations. It wouldn't surprise me at all if the offense got hold of a juicy bug, and since they're paid to capture data, and knowing that they wouldn't get in trouble if the defense lost data, their motivations to keep their little bug to themselves are entirely understandable.
Hi Matt, I assume only individual motivations, like CYA. Folks at the bottom don't make bold decisions. A potentially career-making or career-ending decision like this would have been kicked up the chain until it reached someone who could, after consulting several other folks to cover his own posterior, authorize the risk. This and the high odds of a leak are how I know the NSA hasn't cracked the prime factoring problem either. And anyone surprised by Snowden's revelations either didn't read about or didn't understand Mark Klein's 2006 AT&T documents. There are things that folks at the NSA could plausibly be doing. Intentionally sitting on a massive security hole in their own systems for two years isn't one of them. Regards, Bill Herrin -- William D. Herrin ................ herrin () dirtside com bill () herrin us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
Current thread:
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years], (continued)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Niels Bakker (Apr 11)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Stephen Frost (Apr 11)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Chris Adams (Apr 11)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] William Herrin (Apr 11)
- RE: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Matthew Black (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Donald Eastlake (Apr 14)
- RE: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Matthew Black (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Mike A (Apr 18)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] William Herrin (Apr 11)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Valdis . Kletnieks (Apr 11)
- RE: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Frank Bulk (Apr 11)
- RE: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Warren Bailey (Apr 11)