HOME



Digby's Hullabaloo
2801 Ocean Park Blvd.
Box 157
Santa Monica, Ca 90405



Twitter:
@digby56
@DavidOAtkins

emails:
Digby:
digbysez at gmail
David:
isnospoon at gmail
Dennis:
satniteflix at gmail








Infomania

Salon
Buzzflash
Mother Jones
Raw Story
Huffington Post
Slate
Crooks and Liars
American Prospect
New Republic
Common Dreams
AmericanPoliticsJournal
Smirking Chimp
CJR Daily
consortium news

Blog-o-rama

Eschaton
BagNewsNotes
Daily Kos
Political Animal
Driftglass
Firedoglake
Taylor Marsh
Spocko's Brain
Talk Left
Suburban Guerrilla
Scoobie Davis
Echidne
Electrolite
Americablog
Tom Tomorrow
Left Coaster
Angry Bear
oilprice.com
Seeing the Forest
Cathie From Canada
Frontier River Guides
Brad DeLong
The Sideshow
Liberal Oasis
BartCop
Juan Cole
Rising Hegemon
alicublog
Unqualified Offerings
Alas, A Blog
RogerAiles
Lean Left
Oliver Willis
skippy the bush kangaroo
uggabugga
Crooked Timber
discourse.net
Amygdala
the talking dog
David E's Fablog
The Agonist


Saturday Night at the Movies by Dennis Hartley review archive

01/01/2003 - 02/01/2003 02/01/2003 - 03/01/2003 03/01/2003 - 04/01/2003 04/01/2003 - 05/01/2003 05/01/2003 - 06/01/2003 06/01/2003 - 07/01/2003 07/01/2003 - 08/01/2003 08/01/2003 - 09/01/2003 09/01/2003 - 10/01/2003 10/01/2003 - 11/01/2003 11/01/2003 - 12/01/2003 12/01/2003 - 01/01/2004 01/01/2004 - 02/01/2004 02/01/2004 - 03/01/2004 03/01/2004 - 04/01/2004 04/01/2004 - 05/01/2004 05/01/2004 - 06/01/2004 06/01/2004 - 07/01/2004 07/01/2004 - 08/01/2004 08/01/2004 - 09/01/2004 09/01/2004 - 10/01/2004 10/01/2004 - 11/01/2004 11/01/2004 - 12/01/2004 12/01/2004 - 01/01/2005 01/01/2005 - 02/01/2005 02/01/2005 - 03/01/2005 03/01/2005 - 04/01/2005 04/01/2005 - 05/01/2005 05/01/2005 - 06/01/2005 06/01/2005 - 07/01/2005 07/01/2005 - 08/01/2005 08/01/2005 - 09/01/2005 09/01/2005 - 10/01/2005 10/01/2005 - 11/01/2005 11/01/2005 - 12/01/2005 12/01/2005 - 01/01/2006 01/01/2006 - 02/01/2006 02/01/2006 - 03/01/2006 03/01/2006 - 04/01/2006 04/01/2006 - 05/01/2006 05/01/2006 - 06/01/2006 06/01/2006 - 07/01/2006 07/01/2006 - 08/01/2006 08/01/2006 - 09/01/2006 09/01/2006 - 10/01/2006 10/01/2006 - 11/01/2006 11/01/2006 - 12/01/2006 12/01/2006 - 01/01/2007 01/01/2007 - 02/01/2007 02/01/2007 - 03/01/2007 03/01/2007 - 04/01/2007 04/01/2007 - 05/01/2007 05/01/2007 - 06/01/2007 06/01/2007 - 07/01/2007 07/01/2007 - 08/01/2007 08/01/2007 - 09/01/2007 09/01/2007 - 10/01/2007 10/01/2007 - 11/01/2007 11/01/2007 - 12/01/2007 12/01/2007 - 01/01/2008 01/01/2008 - 02/01/2008 02/01/2008 - 03/01/2008 03/01/2008 - 04/01/2008 04/01/2008 - 05/01/2008 05/01/2008 - 06/01/2008 06/01/2008 - 07/01/2008 07/01/2008 - 08/01/2008 08/01/2008 - 09/01/2008 09/01/2008 - 10/01/2008 10/01/2008 - 11/01/2008 11/01/2008 - 12/01/2008 12/01/2008 - 01/01/2009 01/01/2009 - 02/01/2009 02/01/2009 - 03/01/2009 03/01/2009 - 04/01/2009 04/01/2009 - 05/01/2009 05/01/2009 - 06/01/2009 06/01/2009 - 07/01/2009 07/01/2009 - 08/01/2009 08/01/2009 - 09/01/2009 09/01/2009 - 10/01/2009 10/01/2009 - 11/01/2009 11/01/2009 - 12/01/2009 12/01/2009 - 01/01/2010 01/01/2010 - 02/01/2010 02/01/2010 - 03/01/2010 03/01/2010 - 04/01/2010 04/01/2010 - 05/01/2010 05/01/2010 - 06/01/2010 06/01/2010 - 07/01/2010 07/01/2010 - 08/01/2010 08/01/2010 - 09/01/2010 09/01/2010 - 10/01/2010 10/01/2010 - 11/01/2010 11/01/2010 - 12/01/2010 12/01/2010 - 01/01/2011 01/01/2011 - 02/01/2011 02/01/2011 - 03/01/2011 03/01/2011 - 04/01/2011 04/01/2011 - 05/01/2011 05/01/2011 - 06/01/2011 06/01/2011 - 07/01/2011 07/01/2011 - 08/01/2011 08/01/2011 - 09/01/2011 09/01/2011 - 10/01/2011 10/01/2011 - 11/01/2011 11/01/2011 - 12/01/2011 12/01/2011 - 01/01/2012 01/01/2012 - 02/01/2012 02/01/2012 - 03/01/2012 03/01/2012 - 04/01/2012 04/01/2012 - 05/01/2012 05/01/2012 - 06/01/2012 06/01/2012 - 07/01/2012 07/01/2012 - 08/01/2012 08/01/2012 - 09/01/2012 09/01/2012 - 10/01/2012 10/01/2012 - 11/01/2012 11/01/2012 - 12/01/2012 12/01/2012 - 01/01/2013 01/01/2013 - 02/01/2013 02/01/2013 - 03/01/2013 03/01/2013 - 04/01/2013 04/01/2013 - 05/01/2013 05/01/2013 - 06/01/2013 06/01/2013 - 07/01/2013 07/01/2013 - 08/01/2013 08/01/2013 - 09/01/2013 09/01/2013 - 10/01/2013 10/01/2013 - 11/01/2013 11/01/2013 - 12/01/2013 12/01/2013 - 01/01/2014 01/01/2014 - 02/01/2014 02/01/2014 - 03/01/2014 03/01/2014 - 04/01/2014 04/01/2014 - 05/01/2014 05/01/2014 - 06/01/2014 06/01/2014 - 07/01/2014 07/01/2014 - 08/01/2014


 

This page is powered by Blogger. Isn't yours?

Hullabaloo


Friday, April 11, 2014

 
My heart bleeds for the NSA. So misunderstood.

by digby

This has been making the rounds today:
The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.

The NSA’s decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts.
Oh come now. What could be wrong with allowing the worst security breach in history to continue for two years for its own convenience? They're trying to protect us. Oh wait ...

I shouldn't be so flippant about this. If this story is true it should be the last straw. This is a perfect example of the intelligence agencies' belief that their "mission" is so all-important that they can use any means necessary. The culture of these bureaucracies inevitably leads to this sort of thing.

Recall this from Dan Drezner's field trip to the NSA:
...they've been so walled off from the American body politic that they have no idea when they're saying things that sound tone-deaf. Like expats returning from a long overseas tour, NSA staffers don't quite comprehend how much perceptions of the agency have changed. The NSA stresses in its mission statement and corporate culture that it "protects privacy rights." Indeed, there were faded banners proclaiming that goal in our briefing room.
I think it's not just how they sound. It's what they do as well..

The NSA spokesperson has now denied they knew about it. But one can certainly understand why people might be skeptical. It's not as if their grand commitment to privacy rights has prevented them from exploiting security vulnerabilities in the past:
Like any government agency, the NSA hires outside companies to help it do the work it's supposed to do. But an analysis of the intelligence community's black budget reveals that unlike most of its peers, the agency's top hackers are also funneling money to firms of dubious origin in exchange for computer malware that's used to spy on foreign governments.

This year alone, the NSA secretly spent more than $25 million to procure "'software vulnerabilities' from private malware vendors," according to a wide-ranging report on the NSA's offensive work by the Post's Barton Gellman and Ellen Nakashima.

Companies such as Microsoft already tell the government about gaps in their product security before issuing software updates, reportedly to give the NSA a chance to exploit those bugs first. But the NSA is also reaching into the Web's shadier crevices to procure bugs the big software vendors don't even know about — vulnerabilities that are known as "zero-days."
This is a culture that sees its mission a paramount. The consider themselves as some kind of cyber-ninjas who need to use every means possible to complete it. It's very easy to imagine they might just let a little useful security hold slide for a while.

Who knows? But it's certainly worth noting that at this point it's fairly easy top believe they could do this. Their reputation precedes them.

Oh, and this should make you feel better:
The White House said Friday that when the government uncovers a Heartbleed-like bug, "it is in the national interest" to notify developers — "unless there is a clear national security or law enforcement need."
Depends on what the definition of "clear" is I guess.


.




Search Digby!