I'm not worried
Didn't the NSA assure us that their vault-o'-vulnerabilities would never get "into the wild"? I say we take them at their word and trust the government!
/sarcasm off
Documents from the Edward Snowden archive prove that the malware and exploits dumped on the public internet on Monday originated from the NSA. Among the files leaked by whistleblower Snowden in 2013 is a draft NSA manual on how to redirect people's web browsers using a man-in-the-middle tool called SECONDDATE. This piece of …
No, no, you're confused! Our not-backdoor crypto keys would be TOTALLY safe. We promise! We're really good at this stuff. Trust us, because we know.
Also, we'd ONLY use our tools to hunt down terrorists... err, and drug kingpins! Probably pedophiles, too, because nobody likes them. Oh, and Hoover at the FBI's been wanting access to your email recently, but President Trump has certified that it's only for safekeeping, so we shared it with them, too. We were assured they used good security! :D
Remember, if you have nothing to hide, you have nothing to fear!
Anyway, that's all beside the point. We haven't even been allowed to install any backdoors! We keep loudly and publicly asking for them but then those unpadriodic braindead politicians keep loudly and publicly saying "no."
So there it is. We have no backdoors! Honest! You can trust us. We're a secretive government espionage agency.
Must be those God dam evil Chinese commies. Can't trust a word they say. It was Huawei routers, right?
--tEH nsa
"Didn't the NSA assure us that their vault-o'-vulnerabilities would never get "into the wild"? I say we take them at their word and trust the government!"
Just like how they recon a built in backdoor in both phone and pc OS's will be perfectly safe in their hands and will never be released into the wild.
I can't help wonder what all those people might now be thinking who disagreed with Apple's decision to oppose the FBI some months ago . You know: not creating a backdoor for iOS because of fear that the government was going to abuse it.
If all this turns out to be true then I'd say it is also one heck of a confirmation that Apple did indeed do the right thing back there.
"I can't help wonder what all those people might now be thinking who disagreed with Apple's decision to oppose the FBI some months ago. You know: not creating a[n FBI] backdoor for iOS because of fear that the government was going to abuse it fanboise would baulk and take their $CUSTOM elsewhere."
T,FTFY
You seem to have confused two completely different things:
1) The recent public push by the US government's "FBI" police service for a public backdoor mechanism for their own use and as a mechanism by which to produce evidence admissible into public criminal court.
2) The age old ostensibly secret(ish) push by the US government's secret(ish) spook agencies to secret(ish)ly subvert and corrupt US based technology corporations and their products for various quasilegal secret(ish) nefarious purposes. Brought to the fore by the great[ly entertaining] "NIST"(NSA)/RSA crippled elliptic curve pRNG backdoor fiasco of 2014, or the Snowden Prism etc. dump of 2013, or the 2000 EU vs Echelon affair, or the great US vs M$ _NSAKEY brinkmanship spectacle of 1999, or 1976's brazen "you think you're having 128bit security?! Here, have ~56bits and consider yourselves lucky" Lucifer->DES scuttling, or the 1974-1982 demolition of Bell, or whatever - depending how long you've actually been paying attention to the sordid shenanigans.
If you seriously believe closed & proprietary consumer crApple™ iPrecious™ is any less riddled with the secret(ish) spook's backdoors than, say NSA™ Windows™ is, then I'm sorry to tell you the reality distortion field has sucked out your last neuron.
It was a PR battle. Nothing more.
This post has been deleted by its author
Seriously?
ALL the fucking summers since 2001 have been ugly, and there isn't even anyone who wants to actively democratize, liberate, genocidate, extraordinarily rendition, gazaify, ukrainimate or shock-and-awe me (not to mention slap me with surveillance order, ASBO, terror writ, sexual deviance order, looking-cross-at-hallowed-politican oder or what-have-you). As far as I know.
Seriously.
That FOXACID manual is pretty hilarious.
Hack technician instructions ... I like it ... although the english style is not the best it's more lively than MS prose. And NSA is using ClearCase, it seems.
I think I will use this as an example to demonstrate technical writing at our place.
The Intercept forgot to [redact] an example IP 203.99.XX.XX, somewhere in Pakistan...
Exploits exist mostly because of coding or testing errors. So the existence of these holes is something any ethical vendor wants to know about and fix before they become customer issues. In fact there are many holes in all major commercial software (including FOSS) that still unknown. So sitting on a cache of exploits is idiotic at best because the imbeciles assume the "bad guys & gals" are not smart enough to find exploits also. This is the epic failure of underestimating your enemy; a well know problem that occurs in military history quite often.
You seem to be assuming that all these backdoors are just queer coding blunders which the "clever" NSA people then quietly exploit, rather than malicious code secretly planted by decree of the secret "courts" of a malignant government.
I'm not sure I agree.
You seem to be assuming that all these backdoors are just queer coding blunders which the "clever" NSA people then quietly exploit, rather than malicious code secretly planted by decree of the secret "courts" of a malignant government.
If that's the case, they won't be able to patch them till the "secret court" orders are revoked. So it will act as an inverse warrant canary: the longer a bug takes to fix, the more likely it was placed there.
Interesting thought Grinder... but couldn't/shouldn't the secret "letters" make allowances for emergency coverup repairs in the event of discovery? Besides, the Cisco kit at least is already abandonware... so they have something of a free pass on that front anyway :(
> "So sitting on a cache of exploits is idiotic at best because the imbeciles assume the "bad guys & gals" are not smart enough to find exploits also." Ditto for a software giant to use exploits (sometimes undocumented features) it has created in its OS and programming languages to leverage sales of its productivity software. Not that any software giant has ever done such a thing.
hahahahahahahaha
Infusion pumps are spectacularly rubbish in terms of security. All the medical stuff is utterly godawful and has been for years.
Car companies are having their "industry meets hackers" moment so will improve.
Medical suppliers haven't really had that yet, especially now that Barnaby Jack has gone.
Too bad you didn't have such foresight when you created the tools in the first place.
That is why you do not create malicious tools to subvert common standards. That is also why you do not consider yourself above the hoi-polloi when it comes to the risk of being hacked yourself. Finally, that is why when, despite all the dangers, you do decide to go ahead and create such malware tools, you do not go and put files on an internet-accessible server.
But sure, it was more practical for the spooks to be able to readily download the latest version from whatever location they are at in the world. And yes, I understand that the tools need to be DevOpped super fast because of the changing nature of the target.
Unfortunately it was also more practical for the hackers. And now said hackers have offered it to the world, which means the basic scum are going to get access to nuclear-weapons-grade exploits way before they could code it on their own. So the NSA has given a booster shot to all the misguided, money-grubbing lowlifes of the world.
I guess you can call that job protection, in certain circles. Thank God it's all legal, right ?
This post has been deleted by its author
Maybe now they'll see that by focusing on spying on semi-honest people like us they have actually reduced our security.
Imagine they actually cared about our security and fixed these exploits as soon as they found them, imagine how little the Chinese or the Russians would know about us, imagine how secure our online banking and commerce could be. But no, they'd rather hack the webcams of yahoo users and intercept US troops emails to family back home.
I don't think it's quite that clear-cut: We all use the same internet. Seems to me the impudent little cunts presume to fuck up our internet in order to fuck up the other side's internet. Not saying fucking up ourinternet isn't also an objective, of course: Where would our beloved political lords and masters be without their trusty dissent suppression machinery?.. but we're probably just more of a collateral bonus than the primary objective.
To me, the most mind-bogglingly startling hubris is:
1) Presuming that those glaringly deliberately god-awful specs, protocols & RFCs they contrive and foist upon us are so awesomely cunning that every other intelligence service in the world, and anyone else who bothers to read them, can't immediately see what they really put in place.
2) Presuming themselves competent to keep their RECKLESS "secret" toys to themselves.
So, as for "Maybe now they'll see that by focusing on spying on semi-honest people like us they have actually reduced our security."
I'm absolutely certain they already fully appreciate that! It's (half) the point!.. and nothing will come of this latest débâcle, other than yet another orgy of god-awful disinformation pantomime.
Yey! :-|
HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA.
Maybe if you'd spent less time trying to jam your finger up your own citizen's arseholes and more time trying to secure the network by fixing exploits instead of hoarding them...
Here's hoping every single one of your dodgy programs gets used on you in the future. Preferably by your own people.
Oh.. and don't bitch when folks encrypt their drives and their comms, it's only a natural response to your continued idiocy and egotism.
Cheers.
It's a funny thing but maybe an hour after that post a little lightbulb icon popped up on my Android phone telling me that I should add emergency contact info.
Now I know it's just Google trying to get me to add my relatives to their database for better ad tracking (we see your son has just died, click here for links to funeral homes with big savings), but the timing could not have been better.
Just thinking that 'shadow IT' is a thing in large companies, and reflecting on my own experience that any organisation with 1000+ employees has a management layer that spends most of its time interacting with each other about turf wars and resource allocation.
I'm guessing that the NSA is no different. Could the Equation Group(*) be a 'devops' shadow IT operation within an organisation mainly oriented to defence and security theatre surveillance of mass communication?
(*)Equation Group is going to be the name of my Maths homework club next year I think. Superb branding.
Coat: mine's the one with a dumb phone in the pocket.
Supplementary reading: A psychological history of the NSA
> Maths homework club
Congrats. In my time, it was "everybody for himself and let the dogs of failure rip into the straggler; profs will pick the bones..."
"In my time, it was "everybody for himself and let the dogs of failure rip into the straggler; profs will pick the bones..."
I'm teaching people on the other tail of the distribution. You would still recognize the scene in some of our more ambitious Universities. Thanks for link.
Imagine if the NSA and their comrades in the other military and civilian US intelligence services had actually done their jobs and worked to defend their country from exploits, rather than keeping them secret and making us all less safe.
Those agencies get half a trillion dollars or more a year from the US treasury. Maybe it's time for the citizenry to demand their money back.