This page has been archived and commenting is disabled.
Government Denies It Knew About, Abused Heartbleed Bug
And with this official denial we can be certain that Bloomberg's disgruntled NSA sources were right.
Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong. The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report. The Federal government relies on OpenSSL to protect the privacy of users of government websites and other online services. This Administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable Internet. If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.
When Federal agencies discover a new vulnerability in commercial and open source software – a so-called “Zero day” vulnerability because the developers of the vulnerable software have had zero days to fix it – it is in the national interest to responsibly disclose the vulnerability rather than to hold it for an investigative or intelligence purpose.
In response to the recommendations of the President’s Review Group on Intelligence and Communications Technologies, the White House has reviewed its policies in this area and reinvigorated an interagency process for deciding when to share vulnerabilities. This process is called the Vulnerabilities Equities Process. Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities.
Now if only the NSA can also release a fabricated YouTube clip proving it never knew abused any compromised network anywhere, then all will be promptly forgiven and forgotten.
»
- 10193 reads
- Printer-friendly version
- Send to friend
- advertisements -
It's not even very good bullshit.
<< I don't believe the US government in this case
<< I believe the US government in this case
"Trust no one."
Everything I needed to know I learned from The X-Files.
(RIP Deep Throat.)
We knew nothing about this!
When it is engineered it"s called a feature!
IIRC it was an "undocumented feature"?
https://www.youtube.com/watch?v=UmzsWxPLIOo
The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report
So is this an admission that the NSA is NOT part of the Federal Government, and that they now operate on their own?
National Security or law enforcement need?
Since when have these people ever been able to differentiate between a want and a need?
pods
Same thing: If they want it, it automatically becomes a need.
the NSA wouldn't lie to us. Spies are known for their honesty.
...said as they walk you into the fema detention facility, automatic weapons in hand
"A leak of the major findings of a landmark Senate inquiry into the CIA’s post-9/11 torture of terrorism detainees led, on Friday, to intensified pressure on the White House and the CIA to release the inquiry speedily and with a minimum of redactions.
The classified study, prepared by the Senate select committee on intelligence, concluded that the CIA’s interrogations, secret detentions and outsourced torture sessions were “brutal, and far worse than the agency communicated to policymakers.”
The conclusion that the CIA provided inaccurate information to the Justice Department reflects the findings of a top-secret investigation of the program by the CIA Inspector General’s Office that was triggered by allegations of abuse.
The CIA inspector general’s May 7, 2004, report, which was declassified, found that in waterboarding Zubaydah and Khalid Sheikh Mohammad, deemed the chief architect of the 9/11 attacks, the CIA went beyond the parameters it outlined to the Justice Department’s Office of Legal Counsel, which wrote the legal opinions.
Zubaydah was waterboarded 83 times, while Mohammad underwent the procedure 183 times.
Those cases clashed with the CIA’s assertion _ outlined in the now-declassified top-secret August 2002 Office of Legal Counsel opinion _ that repetition of the methods “will not be substantial because the techniques generally lose their effectiveness after several repetitions.”
http://www.mcclatchydc.com/2014/04/11/224085/cias-use-of-harsh-interroga...
Read more here: http://www.mcclatchydc.com/2014/04/11/224085/cias-use-of-harsh-interroga...It's all in the last sentence, "Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities".
<< I don't believe the US government in general
<< I believe the US government in general
I repeat: "Everything the state says is a lie, and everything it has it has stolen." — Friedrich Nieztsche
<< I don't believe the US media in general
<< I believe the US media in general
http://www.truthrevolt.org/news/sharyl-attkisson-when-id-begin-getting-u...
I`am a zero day exploit : I can read the human mind.
I`am a zero hedge exploit, I can guess where my own mind should be headed while consuming ZH.
And, hold onto your non hedged seats, I used to crack code.
But before I`m flooded with headhunters request: just my own
and farts.
A hearty hello to the nsa lurkers hanging out here. Please dont create a dossier on me.
Russia Denies It Knew About, Abused Heartbleed Bug
China Denies It Knew About, Abused Heartbleed Bug
India Denies It Knew About, Abused Heartbleed Bug
Japan Denies It Knew About, Abused Heartbleed Bug
Bulgaria Denies It Knew About, Abused Heartbleed Bug
Your Mom Denies It Knew About, Abused Heartbleed Bug
Tyler Denies He Beats His Wife
deeeeeeerrrrrrpp de derp
Awesome. It pretty much shut down the Canadian government websites this week until further notice. Canucks can't file their taxes. Why does this not happen in the US for once and for all?
Well thats One way to look at it..............
OR
Perhaps its also true that those who have not yet filed will not get their refund checks anytime soon either?
According to Washington Post many people won't be getting their refunds in the US......Period.
http://www.washingtonpost.com/politics/social-security-treasury-target-h...
..and so it begins. How many months does it buy them? Enough to ride out until QE4 gets announced?
".... the result of a single sentence tucked into the farm bill lifting the 10-year statute of limitations on old debts to Uncle Sam."
Exactly how child support debt collection started. A 1986 amendment by Bill Bradley stuck onto another bill that had nothing to do with it. An endless debt that never goes away until paid. Never talked about, debated or voted on directly, but has had horrific effects on American families and their children for decades. Tyranny...there is no other term for this.
These kinds of things must be forbidden when the Constiution is revised.
My proposed changes in the coming Convention of the States:
Clarifications and changes to the powers of the Legislative Branch.
(1) All members of Congress are required to fully read each Bill and
all Amendments, in full view of Congress, before voting on them. Any
member who fails to do so shall be subject to confirming investigation
and permanently barred from public office by the Vice President or
the Speaker of the House.
(2) Amendments to a subject Bill are limited to the the scope of the Bill
itself. One subject per Bill.
(3) Congress shall have no ability to exempt themselves from legislation.
(4) There shall be lifetime limits of 20 years service for the Senate
and the House of Representatives.
(5) Federal Funding granted to any state is limited to 10% of that states
last budget minus previous funding.
(6) Taxation can only be applied to consumption, ie. a national sales tax. This is a single tax
and there can be no other tax. Congress controls only the tax percentage.
(7) Congress is a part-time job, limited to one meeting per Month over a weekend, outside of emergencies.
I believe them.
If you can't trust the US government, who can you trust?
"Believe nothing until it has been officially denied."
Do you Believe that's air your breathing?
+100
It's diesel fumes.
100% pure chemtrails.
Do they think their power provides immunuity from the laws of the universe?
This is capital-T Treason.
I smell sump'n funny 'round here...smells like...................buuuuuullshit.
Every American citizen strike beginning 14 November 2014.
Oh James, bring my Wellies...there's a good lad...and a noseclip!
It will come to you and your last vote..I mean bullet. MAKE IT COUNT RIGHT SQUARE IN THE FOREHEAD OF AN OR A AGENT OR SPOOK.
Preferably AN IRS AGENT
Feign incompetence when caught in a lie is the scumbag's textbook response.
Though government s notoriously incompetent, I noticed that they're actuially VERY good at doing certain things when it is to their benefit. They're VERY good at blackmailing politicians and eliminating those who are not suisceptible to such pressure.
'Feigning' incompetence is right because I really really doubt that there's a Sgt. Schultz level of "I know NOTHING...." at work with these guys.
Until Snowden releases that slide
He becomes a bigger hero every day.
.
For those who need an explanation:
http://www.xkcd.com/1354/
I've made similar mistakes myself.
As have I. I've also submitted one-line kernel patches that have had probably 20 time more review than this did, so I think it's just a typical mistake that was missed by a woefully underfunded open source project.
Kind of ironic everyone is pissed about OpenSSL when you've got billion dollar companies using the software for free without having given it a single dime in funding or minute of their own developer's time and then being shocked that a bug got through review.
Mind you when writing string checkers, you usually check the lengths before you bother to do anything else, and there's no reason to let the user tell you what those lengths are.
You know, machine code is easy, machine code is fun, but it can be reeeeeeeeallly difficult getting hold of the vital little bits of information that you need.
Throughout my life there have been many people who asked me, "Why would you want to re-invent the wheel?" and they would look at me accusingly and I would look at them and think they just don't get it. I was too taken aback to tell them that problems occur when someone else's wheel is a chair castor or a bicycle wheel and what you actually want is a set of mags for your V8. Right now I want to round up all those fuckers and say, "SEEEEEEEE!!!!!!!!! YOU STUPID FUCKWIT! THIS IS WHAT HAPPENS WHEN YOU BRAINLESSLY TRUST SOMEONE ELSE'S WHEEL!!!!!!!!"
Aaah, good to get that off my chest. I might do it again some time.
Thank you for clearing that up Keith Alexander,
your integrity, just like your appointment, is unimpeachable.
Backed by the full faith and credit of General Clapper.
Thats right He would not lie to us.
Clapper is just being more careful.
http://rt.com/usa/obama-dni-clapper-lie-485/
OOOOOOOOOH!!! So the spying and lying NSA say they didn't know! Bullshit!! So we're supposed to believe them now. LMFAO!! The NSA pukes created the damn virus and used it for years. They have the damn anti-virus software for it and that's a fact.
Can't we get Clapper to move to China.
"If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed..."
But the Govt is already on the record for secretly exploiting vulnerabilities in SWIFT, Facebook, Google, commandeering notebook cameras through Yahoo, etc.
I'll file this with my Affordable Care paperwork. This week my renewal quote was received - for the same policy a 38% increase.
And this is all very touching because, back in 2011, Reuters ran an article about how the NSA was helping Wall Street banks battle hackers: http://www.reuters.com/article/2011/10/26/us-cybersecurity-banks-idUSTRE...
Now we know why Goldman Sachs no longer needs high-frequency trading and dark pools to rig the markets.
Within hours the NSA and CIA was able to audit itself and honestly report back?
Senator Feinstein must then be lying about her run-ins.
Before I believe this claim, I'd like some further assurances from James Clapper.
They didn't know about it until they did, and when they did, the did whatever necessary to keep you safe - so stop asking pesky questions and get back to work.
NSA staring as Hogans Heroes
Cough, cough, bullshit, cough, newman, cough, bullshit, cough
Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities...
Pray tell when was the last time these botards didn't use this as their cover? At the expense of raising the ire of more heretofore US "believers", I for one was thankful for the 9/11 reference included in the PCR's ZH article yesterday. It will be very weird to see that nugget of truth being assimilated by j6p as the “news” of Direct Energy Weapons begins to take residence in their cranium. And to think even this is “old” technology.
Thank you Mr. Tesla. And I don’t mean the car.
http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&cad=rja&uact=8&ved=0CDsQtwIwAw&url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DbITl3lmbWb8&ei=tF5IU6DHGKy6yAGC0oCQBg&usg=AFQjCNFAvmBBcc4fYGOgZ8GC4YxjIi1JKA&bvm=bv.64542518,d.aWc
US govenment? The taliban government was better, at least they leveled the production of heroine in Afghanistan to almost zero.
THAT'S good? Why shouldn't people who want to take heroine, take heroine? And why shouldn't people grow it for them?
ask Soros
Give .gov a break. If they are going to confiscate your stuff they have to have your passwords.
Not even trying anymore.
USTR Warns That EU-Only Cloud To Avoid NSA Surveillance May Violate Trade AgreementsLink: https://www.techdirt.com/articles/20140409/08121226855/ustr-makes-ill-ju...
Erh, so when the EU tells the USG "Hey, Hey, Get Off My Cloud", the USG simply says they have a legal right.
That's assuming Barroso's head isn't already up in the cloud.
tyrant
...USSA just lost any allies it had left.
Time to drain the swamp. Again.
Steal This Hyperlink
Lies
Our government has reached complete cry wolf status. Even when they tell the truth no one believes anymore. There are daily revelations of lies about things large and small. Recency bias causes constant distrust, the last lie is fresh in peoples minds plus the long list of longer dated lies. The most frequent and biggest lies have been from the highest levels of our government. the truth will out sooner or later and with the internet it is more often sooner. Incompetence is not conducive to control of the narrative.
Its really really hard to believe the NSA with all of their experts were unaware of this for years until somebody made it public on the Internet....really really hard, but, I will give them the benefit of the doubt, its not like the NSA has ever been caught out lying to anybody in the past.
<---- see that green button? Press it if u want to get laid
I notice that the repeated denials are always about knowledge of the Heartbleed "vulnerability."
What that means to me is that the NSA has been exploiting the SSL flaw but did not see the flaw as a vulnerability.
Maybe they reasoned that since they were the only ones who knew about it and therefore the only ones who could exploit it, it wasn't a vulnerability. It was simply a feature they could take advantage of.
Suppose whenever you are sleeping I look into your wallet to see how much cash you have. It's a good thing for me to know.
Then one day a burglar enters your house the same way I did and robs the cash from your wallet.
"Well, shit!" I declare. "If I had known about that VULNERABILITY, I would have said something!"
See what I mean? But then I've come to the conclusion that everything the gov't says is somehow a lie.
They even lie when they don't have to, because they know there just has to be a good reason not to tell the truth.
Are these lawless pig fuckers still eaesdropping on US citizen communications en masse? Are they still collecting metadata and all other content without a warrant? Yes?
Then NSA SHUT THE FUCK UP!
So trillions of "black ops tech" dollars have been spent surreptitiously over the years and the government is telling the citizen that this money has effectively been wasted, outside of course the spying, recording and storage of all communications?
If this bug has been around so long and our crack team of cyber security experts (that are as much to blame for bankrupting our treasury as any other government operation) have been clueless until April of 2014 then WTF??? I suppose the US government is more comfortable admitting gross negligence and incompetence than it is in admitting to being corrupt and dishonest.
Whatever intellectually honest press that is left in America, the taxpayer , nor corporate America should not remotely accept either scenario. C'mon now, enough is enough already!
right. can the NSA produce a list of past advisories?
60 years of oversight, and not a single public notice.