No Good Answer — Why Now?
On-line Opinion Magazine…OK, it's a blog

No Good Answer

The BBC report, Heartbleed bug denial by NSA and White House, is a bit of a problem.

NSA has a two-part mission: protecting our secrets and finding out the secrets of other people. After 9/11 they have forgotten almost totally that they are supposed to be securing US communications. Under Alexander the Geek NSA is all offense. This statement says that the government agency primarily responsible for secure communications didn’t discover a major problem with Internet security. That is incompetence or nonfeasance.

NSA missed the Boston Marathon Bombing and now didn’t see a major security flaw with supposedly secure communications over the Internet. There is no real proof that they are making anyone more secure, and a lot of proof that they are using a lot of resources that could be used for better purposes – things that actually improve the General Welfare.

2 comments

1 Kryten42 { 04.15.14 at 10:25 am }

Hmmm. I should have posted the 2nd half of the comment I just posted on your “More Fun” thread here I just realized. Oh well… 🙂

However, there is this:
Would You Trust The NSA’s Advice On How To Deal With Heartbleed?

The response seems to be a resounding “NO”! Funny, that. 🙂

Regarding Heartbleed, there is another consequence that so far very few people are talking about, to wit:
Heartbleed’s Intranet & VPN Connection


“The immediate focus should have been on the perimeter and external websites. But the long-term devastation and real cost is from the internal [network] perspective,” says Rob Seger, distinguished engineer at Palo Alto Networks. “Being able to steal all the data carte blanche is, in my opinion, a more lasting and negative” outcome of Heartbleed.

The list of potentially vulnerable internal assets is massive — everything from internal web servers for mission-critical internal applications to SSL-enabled services such as FTP over SSL, VOIP phones, printers, VPN servers, and VPN clients. “The reality is that it’s going to take 4-5 years minimum for the larger enterprises to clean this up,” assuming they know where all their vulnerable SSL-based services and products reside in the network, Seger says.

Identifying and patching those internal Heartbleed-vulnerable systems will take time, and in many cases, not everything will get patched. Some lower-profile devices may not ever receive vendor patches, security experts say, and legacy systems could get lost in the patch shuffle.

A VOIP phone, for example, could be exploited to listen in on calls, and data within documents coming off a printer would be at risk of interception. Client machines, meanwhile, are vulnerable via a Heartbleed exploit service they connect to, which could collect data from those machines, experts say.

“This made it so a script kiddie can leverage APT-level attacks… by stealing a Python script off the web, he can do things only APTs can do,” Palo Alto’s Seger says.

Very nasty! And does the incredibly moronic & ignorant Obama Administration or NSA care? LMAO What a stupid question! Of course not! Nor, apparently, do many other governments. But they will, one day. When it’s too late. Oh, wait… it is too late!

2 Bryan { 04.15.14 at 10:53 pm }

This is going to be an expensive mess to clean up and it was part of NSA’s prime directive to protect communications from things like this. Once the cost of the fixes comes rolling in, there are going to be a lot of angry people who make large political donations asking pointed questions. They are not going to accept ‘9/11’ or ‘terrorists!’ as acceptable answers because this will cut into profits.

It gets really nasty if the people with the Snowden documents start having them reviewed by tech people looking for this type of problem.