The perils of non-disclosure? China 'cloned and used' NSA zero-day exploit for years before it was made public

Re: Stealing?

Nobody really "steals third base" either, but that's what it is called in competitive baseball.

"I have no doubt that the NSA knew of the Chinese use of their exploit long before ..." --- congratulations on your supernatural powers. It takes a man to understand his own feelings.

"Meanwhile, companies and organizations were put in peril because of the lack of disclosure." --- Spot on! You finally connected and scored a century!!.

Re: Stealing?

If the Chinese Navy stole a US submarine, then the US Navy could no longer use it and they would be upset.

The analogy here is more finding a US Submarine in the Yongding River and confiscating it on its way to Beijing. The US Navy would still be upset and the US people outraged especially when Chinese copies of the submarine were found in US costal waters.

Re: failure to take long view

> Not sure they gained much from it

Depends on the "they", if you mean politicians/generals who became heroes because of their brilliant strategies over the hun, rather than being able to read their mail = quite a lot

Re: failure to take long view

I am inclined to agree, at least on the basis of the UK. A lot of the capability of Bletchley Park was deliberately dismantled post-war. Machines like the Manchester Mk.1 underfunded and largely dismissed as frivolities; not helped in any way by cultural predjudice against it's creator.

ARM kept the light alive for processor architecture and fundamental R&D in this sector, and Broadcom have a fair presence here too.

Going back to the original subject, however, surely the solution to the bottomless pit of breaches is the Keep-it-simple-stupid philosophy. A 50,000 line program, a good developer has a reasonable chance of staying on top of threats. Making things ever bigger and monolithic, makes them more unmanageable (cough, Kernel & systemd). I don't need to explain the traditional UNIX philosophy here, but it exists for a reason.

I highly rate David Braben's many articles on the limitations of traditional systems programming architectures - even if his current role is somewhat rather removed from the coal face. C, C++ powerful as they are, are very easy to leave room for unintentional errors around memory management. And don't get me started on programming frameworks that give "power" but not "control" - and certainly share common vulnerabilities as a result.

A Rusty OS is looking promising as a way forward.

Re: failure to take long view

>One wonders how much Britain lost by keeping its WW2 computing skills secret so they could read other countries private communications. Not sure they gained much from it.

Lots, but the US gained lots!

Firstly, the US intelligence services gained massively from the UK's knowledge.

Secondly, with respect to for keeping the computing skills secret, we now know that because of this many versions of Computing history incorrectly attributes the first computers to US institutions...

Re: Having a glorious... ...Box

https://youtu.be/jmY_MiJ1hAY

Depeche Mode

Good Night Lovers

Re: TL/dr

So basically it was just copyright infringement or intellectual theft. Getting hacked is like studying history, you see things happening and after a few of years study you get some ideas as to why they happened. Meanwhile something else is happening but you won't find out about it for a few more years.

Re: hello pot, I'd like you to meet kettle and Microsoft

I hear sounds of Cisco and RSA in the air like ghost, while reading your post about built in back doors with deniability.... it's been a few years now, that we know of.

Thank (deity of your choice) the NSA doesn't have virologist or genetic engineers,

Re: Offence vs Defence

The NSA is a strange beast. It's seems that the secretive/offensive half of the shop is busy finding exploits to stockpile and use, then the other public half of the shop is assigned to find exploits and help defend against the other half of the shop.

I have to agree that it's unethical to find exploits and not disclose though. You have to assume when you find something, that multiple other people/organizations have also discovered it. Consequently it is a threat to National security globally. As in a threat to all Nations...

Re: Offence vs Defence. There's No Escaping the Truth

If we really want to be serious about stopping hacking and guard things like the power grid, the US government needs to change the emphasis to reducing vulnerabilities, not exploiting them. ..... hammarbtyp

That could/would definitely be SMARTR, however it is not in their nature, says the drowned scorpion to the dead frog, thus they and any misguided and trusting allies be certainly doomed ‽ .

The problem then that arises and expands is would be good friends disappear, almighty deadly enemies increase and every other man, woman and child learns not to encourage or participate in their idiotic great games plays/Projects for the New American Century

And one has to be real thick and extremely stupid to not realise that as it phorms and surrounds you, to destroy you with novel forces and immaculate sources from deep within the home body core, incensed and enraged at what one has allowed oneself to become, super naturally and decidedly designedly devilishly if one doesn't want to accept the responsibility and accountability for one's actions and plans for actions. But it is what it is and what everyone sees right before their very eyes.