On Fri, Apr 11, 2014 at 04:03:36PM -0400, William Herrin wrote:
If you told me they used it against the targets of the day while putting out the word to patch I could buy it, but intentionally leaving a certain bodily extension hanging in the breeze in the hopes of gaining more valuable data than they lose would have been an unusually gutsy move.
"unusually gutsy" compared to what, EXACTLY? Sources: NSA sucks in data from 50 companies http://theweek.com/article/index/245311/sources-nsa-sucks-in-data-from-50-co... Report: NSA Circumvented Encryption http://www.bankinfosecurity.com/report-nsa-circumvented-encryption-a-6045 [ That one is interesting, by the way. It's from September 6, 2013, and quotes reporting by the New York Times and Pro Publica the previous day. Here's an excerpt: Bruce Schneier, a widely followed cryptography expert, author and blogger, characterizes the revelation as explosive. "Basically, the NSA is able to decrypt most of the Internet," he writes in his blog. "They're doing it primarily by cheating, not by mathematics. ... Remember this: The math is good, but math has no agency. Code has agency, and the code has been subverted." According to the news report, some of NSA's most exhaustive efforts have concentrated on encryption widely used in the United States, including Secure Sockets Layer, virtual private networks and the protection used on fourth generation smart phones. Interesting that it mentions SSL, isn't it? ] NSA's pipe dream: Weakening crypto will only help the "good guys" http://arstechnica.com/security/2013/09/nsas-pipe-dream-weakening-crypto-wil... Exclusive: NSA infiltrated RSA security more deeply than thought http://www.reuters.com/article/2014/03/31/us-usa-security-nsa-rsa-idUSBREA2U0TY20140331?feedType=RSS&feedName=topNews&utm_source=dlvr.it&utm_medium=twitter&dlvrit=992637 NSA Aiming To Infect "Millions" Of Computers Worldwide With Its Malware; Targets Telco/ISP Systems Administrators http://www.techdirt.com/articles/20140312/07334826545/nsa-aiming-to-infect-m... NSA hacker in residence dishes on how to "hunt" system admins http://arstechnica.com/security/2014/03/nsa-hacker-in-residence-dishes-on-ho... Let me note in passing that the NSA is not the only intelligence agency on this planet that has demonstrated both willingness and ability to create and/or exploit large scale security breaches in order to acquire information. Surely nobody thinks that folks in Moscow and London and Berlin and Bejing were just sitting on their hands. ---rsk