back to article Mind-blowing secrets of NSA's security exploit stockpile revealed at last

The NSA has revealed for the first time in public how it handles and reports critical unpatched security flaws its snoopers discover in software. It is generally accepted the US taxpayer-funded spy agency has a private stash of exploitable programming blunders that it uses to infect and monitor its intelligence targets' …

  1. Neil Barnes Silver badge
    Black Helicopters

    ████████ ██████ █████████████

    ███████ ████ █████████████ ████████ █████████████████████████ █████████ ████████████ ██████. ████ ██████████████████████████████ ████████ ████ ██████.████ █████████ █████ ███████ ██████ or not?

    1. I'm Brian and so's my wife

      Re: ████████ ██████ █████████████

      Tru dat

      1. Destroy All Monsters Silver badge
        Paris Hilton

        Re: ████████ ██████ █████████████

        But what does Oswald have to do with this and was he even in the same room?

    2. Tail Up

      Re: ████████ ██████ █████████████

      This "Re" minds me a Q@ "Is There Any████████ At████████?"

    3. RobHib

      @Neil Barnes - Re: ████████ ██████ █████████████


      Read Voltaire's Bastards by John Ralston Saul, Chapter 12: The Art of the Secret [pp: 280-299*] for why The State is so obsessed with unnecessary secrecy and why it's so easily able to get away with it.

      Chapter 12 begins thus:

      'Everything in the West is secret unless there is a conscious decision to the contrary. Our civilization, which never stops declaiming about the inviolability of free speech, operates as if it distrusts nothing more. The taste for the hidden has not played an accidental role in the distortion of practical democracy. ...

      [QED - yours truly.]


      * Pages for my copy of the 1993 Penguin paperback edition.

      1. sniperpaddy

        Re: @Neil Barnes - ████████ ██████ █████████████

        "The taste for the hidden has not played an accidental role in the distortion of practical democracy."

        What a remarkable and true statement. I had to re-read it multiple times to savor it.

        Very true when it comes to Irish politics. e.g. Irish Water :), or for evolution in US politics when it comes to how convenient interpretations of the constitution are being enforced....and hidden.

  2. John Brown (no body) Silver badge


    They still "hide" text by using black on black? Mouse drag over reveals all!

    1. elDog

      Re: Wow!

      Just lightly drag a white crayon across the surface and you'll see the indentations from the IBM Selectric (or Teletype 33.)

      Remember the wise words of some punk multi-billionaire: If you have nothing to hide, then ... i forget.

    2. DropBear

      Re: Wow!

      WTF are you talking about?!? Nothing in the El Reg article revealed anything by 'mouse dragging' over - I do that by instinct by now every time I see a black block of "text"...!

      1. Anonymous Coward
        Black Helicopters

        Re: Wow!

        Perhaps they're talking about the original PDF?

        Anyone offering odds on that thing not being specially "enhanced" with god only knows what special bespoke "0-days" for our pleasure?

      2. John Brown (no body) Silver badge

        Re: Wow!

        "WTF are you talking about?!? Nothing in the El Reg article revealed anything by 'mouse dragging' over"

        Did I REALLY need to put a joke icon on that comment? Really?

    3. Anonymous Coward
      Anonymous Coward

      Re: Wow!

      "They still "hide" text by using black on black?"

      We had a pilot project where we used the ☺character instead but the intended positive sentiment insertion didn't seem to have much effect on the recipients of redacted documents.

  3. TheFinn

    Err.....I don't think I have the right font installed....

    1. s5PGmU
      Black Helicopters

      That font is classified by No Such Agency..

      1. Destroy All Monsters Silver badge

        fnord font to fnork the populace

  4. Shadow Systems

    Bitch slap the Editor.

    Why the FUCK did you fill the article with worthless BlackRightPointingTriangle characters instead of actual, readable TEXT, you fucking putz?

    [Snipped abuse. Someone does not get the joke. And also, does not have an account now - mod]

    1. Notas Badoff

      Re: Bitch slap the Editor.

      Or you know, suggest they replace with something useful like "redacted redacted and more government redacted". Actually I do sympathise with your feelings, but think I hope your wishes for the editors are fulfilled only in their dreams.

    2. AustinTX

      Re: Bitch slap the Editor.

      Dear Shadow Systems: Not one bit of text was blacked out. If you read the article, and it is clear that you didn't, the article is simply padded with black lines for humorous effect. Blind people will have no trouble reading the article. When you lose one sense, the others become enhanced. This is why people with no sense of humor have an increased sense of self importance.

      We all can see why you didn't get the joke.

      Furthermore, it is not that is making you listen to screen readers gibbering about BlackRightPointingTriangles, it is your screen reader's manufacturer who made that decision. Either learn to program and offer your blind compadres a superior alternative, or close your arrogant face-vent and hold your helpless frustration inside. It'll fester there, and likely take you to the sweet release of death sooner that way. Good day.

      1. This post has been deleted by its author

    3. Rol Silver badge

      Re: Bitch slap the Editor.

      Why the FU███████████████ ████████ █████████████ ██████ total gibberish, ha ha ha ha. And then we ████████ ██████ the old █████████████ ████████ and he laughed and laffed, but we███ ██ huge mammaries █████ ████████████ he didn't see the funny ██████ █████████████, but of course I was very, very drunk at the time.

    4. GrumpenKraut Silver badge

      Re: Bitch slap the Editor.

      Dear commenters and EL Reg, as far as I know Shadow Systems is BLIND.

      Thus you may want to re-consider that part:

      > ... does not have an account now

      I appreciated the vast majority of his comments I have seen.

      1. Solmyr ibn Wali Barad

        Re: I appreciated the vast majority of his comments

        Seconded. Let's hope it was nothing more than a gallow humour.

        I, for one, do not mind reading an occasional rant. Even if spiced with profanities. It's still better than instances of astroturfing, newspeak or doublespeak.

      2. Mark 85 Silver badge

        Re: Bitch slap the Editor.

        I totally concur with this. Deleting the offending post with maybe a simple email to him might have been better handling of this.

        1. x 7

          Re: Bitch slap the Editor.

          I seriously wondered whether his whole offensively scatalogical post was a clever joke intending to echo what the document said pre-redaction (on the assumption that what was redacted were just profanities), then I realised that no-one in USA Government would be intelligent enough to understand such profanities so any joke would be misplaced and misunderstood. If it was a joke, which on reconsideration it probably wasn't.

      3. Rol Silver badge

        Re: Bitch slap the Editor.

        Just read a few of his previous posts and I too, would like to plead for clemency.

        Many of us have stepped precariously over the line at times, but either wisely or out of sheer luck managed to vent it all several pages into the comments and thus avoided being picked up for our delinquent French.

        Please, is there any chance you could reconsider his ban, especially as his disability was an obvious factor in the whole damning episode.

    5. This post has been deleted by its author

  5. x 7

    hey, Shadow Systems

    They're not triangles, they're rectangles. If you want to moan about something, at least get the facts correct.

    1. Ole Juul

      They're not triangles, they're rectangles.

      And when piled up like that they look like a brick wall.

  6. Captain DaFt

    -told El Reg: "███████ ████ █████████████ ████████ █████████████████████████ █████████ ████████████ ██████. ████ ██████████████████████████████ ████████ ████ ██████.████ █████████ █████ ███████ ██████."-

    You forgot to note that this part was not redacted for security reasons, but to comply with "Family Safe" values of language usage.

    "████ ██████.████ █████████ █████ ███████ ██████"

    Hmm, never mind the legality of such an act, is it even physically possible?

  7. David 132 Silver badge

    ████ ██████.████ █████████ █████ ███████ ██████

    ████ ██████.████ █████████ █████ ███████ ██████

    Yes, but did the goat die?

  8. Anonymous Coward
    Anonymous Coward

    did they blank each word?

    Or did they blank each phrase/sentence? Unless they're using a monotype font, you can make decent guesses if they blanked each word separately.

    1. Anonymous Coward
      Anonymous Coward

      Re: did they blank each word?

      Yes, a machine learning algorithm when trained with all the clear bits of text should easily be able to guesstimate what most of the censored stuff is, it would obviously have a hard time on the unique code words "UNLADENSWALLOW" etc

      All this crypto stuff is just a mild delay on the road to recovered plaintext

  9. Mark 85 Silver badge

    Well.. that article and the PDF was enlightening.

    I wonder how much extra toner (and taxpayer money) was used in printing out those PDF's for the PHB's in government office that had to approve the release?


      Re: Well.. that article and the PDF was enlightening.

      Maybe a yellow marker should be used for electronic documents - that way the printed page would only have light grey boxes and meeilions would be saved.

    2. Anonymous Coward

      Re: "Extra Toner"

      I think a PHD student in the US solved the banking and budget crisis quite easily. Reduce all government text by one point. The savings on ink and paper were massive...

      ... but not enough in the end. Still and interesting idea.

      1. dlc.usa

        Re: "Extra Toner"

        Inquiring minds want to know if the increased expense of magnifying apparatus for vision-challenged employees and contractors was accounted for.

  10. Schultz
    Black Helicopters

    I find the document quite revealing ...

    Now we know officially that the NSA and partners have a policy to handle security exploits: Drop those exploits into the black hole of national secrecy where naught a character ever escaped.

    This also brings some clarity to the discussion whether the NSA & Co. might be honest partners when addressing computer security issues.

  11. phil dude

    To the NSA...

    6e382bf46c2d59f548458dddba02df50047cb2834feeb2f2435ee9ec -

    47697010756ae67a249b78c9c9450bb61d12c3dac539531474e09712f52912e0 -

    de1a6027d6cf72f109728949ec7a00265ca81e1ac86ba9ccf5ad723382d67e5a9586be1d06e412c3c475b470f434e558 -

    28d09f6a4afbde74870d9ebd2d9c86121b1e67f0a5215df9540d2790f2d14c08b3dcb964132c6bafc652699ea038b511b0378daa856c067dfe92aaec55e61454 -

    c95681d8ad974307e89087bbde580d86 -


    1. VinceH

      Re: To the NSA...

      That's a bit strong.

    2. Anonymous Coward
      Anonymous Coward

      Re: To the NSA...

      Good thing you used an algorithm with a Federally mandated backdoor there.

      1. phil dude
        Black Helicopters

        Re: To the NSA...

        I see what you did there...


  12. amanfromMars 1 Silver badge

    <a href="">KISS </a> ...... MkUltraTS/SCI

    Words Create, Command and Control Worlds .... ergo, no words shared, no controlled and/or creative commanding control worlds?

    IT is not rocket science.

    And in SMARTR IT Systems with Ubiquitous Autonomous Advanced Intelligence Servering of AIMachinery and Virtually Alien Remote Command and Control Centres of Applied Excellence, It is not what is hidden from view and reading and general knowledge which really spooks out and destroys inequitable and oppressive exclusive executive orders and SCADA Operating Systems, it is what you are not fearful of freely sharing to universally empower the masses, rather than just a chosen few which can probably be both ill and ill-chosen too, so compounding the fundamental error, which they can use to terrorise you...... and as you are witnessing, so they do ‽ .

    1. Anonymous Coward
      Anonymous Coward

      Re: <a href="">KISS </a> ...... MkUltraTS/SCI

      That's the first thing you have written that I have actually understood. Now I am worried, is it because I am also going mental or that you are improving? ;)

      1. amanfromMars 1 Silver badge

        Re: Re: <a href="">KISS </a> ...... MkUltraTS/SCI

        That's the first thing you have written that I have actually understood. Now I am worried, is it because I am also going mental or that you are improving? ;) ... Cavehomme2

        I am comfortable in suggesting that it is probably a case of both, Cavehomme2, and certainly nothing for you to be unduly worried about, unless you have something to fear in the whole truth and supporting truths associated with your thoughts and actions predicated upon them.

        Welcome to the Register and Creatively Commanded AI in Control Led Worlds.

  13. herman Silver badge

    That was too easy. What the redacted text actually said was:

    Neque porro quisquam est, qui dolorem ipsum quia dolor sit amet, consectetur, adipisci velit, sed quia non numquam eius modi tempora incidunt ut labore et dolore magnam aliquam quaerat voluptatem.

    1. Pascal Monett Silver badge
  14. Anonymous Coward
    Anonymous Coward

    I would assume that once a known exploit goes wild the ███ release it to the devs.

    Otherwise everyone would be ██████ over by the exploit allowing foreign intelligence to use it as well.

    I personally think the ███ are a bunch of █████ and the whole situation is a massive ███████████.

    If you have nothing to ████ then you are a boring ████.

  15. Anonymous Coward
    Anonymous Coward

    Is it just me..

    .. or is the sale of thick black markers to US government departments sharply (sharpie?) trending upwards?

    That document is more Goth than Freedom of Information with that amount of black.

  16. Tail Up


    Весело тут у вас ))

  17. Brian Miller

    PDF with scans of a paper document

    Well, it's so good to see that the NSA is still using typewriters. I wonder what their repair bill is.

  18. Will Godfrey Silver badge


    I propose an alternative form that will be kinder on the eyes (and the printer). See example below:

    :P :P :P :P :P :P :P

  19. Bladeforce

    My take

    But seriously███████████████ ████████ █████████████ ██████ we have lots of commitments bound in law ████████ ██████ with certain █████████████ ████████ companies that we cant disclose███ ██ but if memory serves █████ ████████████ these companies start with ██████ █████████████ the letters M, G and A...

    Aah shoot i did that wrong didnt I?

  20. Anonymous Coward
    Anonymous Coward

    Re. My take

    The <redacted> <redacted> can go and <redacted> my <redacted> <redacted> <redacted>

  21. razorfishsl

    As a recent director of software development quite correctly pointed out......

    "We can encode the passwords as dingbats, that-way no one can read them"

  22. jackandhishat

    That's... black. Black! BLAAACK!

    Oooh, what's for tea, mother? Pin stew?!!!

  23. oneeye

    vulns not released till used by the enemy!

    Once the zero day is no longer secret,ie. used by others,then maybe they are reported,but that would be the logical thing to do, But I would not be surprised if even then,they kept it in reserve.

    Snowden had it right, we should be focused on defense primarily and not offensive capabilities. Our collective reputations would be much better. Even if these spy agencies could get the fixes just pushed to our selective countries to keep their own citizens safe from foreign exploits would be a far cry better than the system they now employ. As it stands now, there needs to be some serious changes in how these outlaws operate. IMHO.

  24. Potemkine Silver badge


    Arkanoid is back!

    1. x 7

      Re: Cool!


      sounds like a form of dementia

  25. Anonymous Coward
    Anonymous Coward

    Remember the "viewing ex-operative's records" scene in RED? Around 55 seconds into

  26. PaulAb


    I've been waiting for ages just to type the word REDACTION, somewhere. Thanks Reg

