nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

From: William Herrin <bill () herrin us>
Date: Fri, 11 Apr 2014 18:31:19 -0400
On Fri, Apr 11, 2014 at 5:56 PM, Matt Palmer <mpalmer () hezmatt org> wrote:

You're assuming that the NSA is a single monolithic entity.  IIRC, the
offense team and the defense team don't really talk much, and they
*certainly* have very different motivations.  It wouldn't surprise me at all
if the offense got hold of a juicy bug, and since they're paid to capture
data, and knowing that they wouldn't get in trouble if the defense lost
data, their motivations to keep their little bug to themselves are entirely
understandable.


Hi Matt,

I assume only individual motivations, like CYA. Folks at the bottom
don't make bold decisions. A potentially career-making or
career-ending decision like this would have been kicked up the chain
until it reached someone who could, after consulting several other
folks to cover his own posterior, authorize the risk.

This and the high odds of a leak are how I know the NSA hasn't cracked
the prime factoring problem either. And anyone surprised by Snowden's
revelations either didn't read about or didn't understand Mark Klein's
2006 AT&T documents.

There are things that folks at the NSA could plausibly be doing.
Intentionally sitting on a massive security hole in their own systems
for two years isn't one of them.

Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
Previous By Date Next
Previous By Thread Next

Current thread: