Bay 12 Games Forum

Please login or register.

Login with username, password and session length
Advanced search  
Pages: 1 2 3 [4]

Author Topic: Heartbleed Exploit - Most servers patched, but assume ALL passwords compromised  (Read 3424 times)

Bauglir

  • Bay Watcher
  • Let us make Good
    • View Profile

Interesting that the NSA is claiming incompetence rather than malice here - this is something they really ought to have known about, although given its scale they also should've gotten it fixed rather than exploiting it in that case, for reasons lots of people have discussed at length. I actually am not sure whether or not to give them the benefit of the doubt - it's true that Snowden couldn't have leaked everything, but if this was standard operating procedure at any point before he left, I'd expect this to have been one of the first things to go public. In any case, there's no way they come out of this looking good, surprising no one.
Logged
In the days when Sussman was a novice, Minsky once came to him as he sat hacking at the PDP-6.
“What are you doing?”, asked Minsky. “I am training a randomly wired neural net to play Tic-Tac-Toe” Sussman replied. “Why is the net wired randomly?”, asked Minsky. “I do not want it to have any preconceptions of how to play”, Sussman said.
Minsky then shut his eyes. “Why do you close your eyes?”, Sussman asked his teacher.
“So that the room will be empty.”
At that moment, Sussman was enlightened.

MorleyDev

  • Bay Watcher
  • "It is not enough for it to just work."
    • View Profile
    • MorleyDev

I wouldn't call it a lack of morality as a...very weirdly slanted one. A lack of morality is rare and whilst people who just want money and power are found everywhere, a whole organisation of them wouldn't exactly thrive. It's when you have incompetence, power, and the belief that what you're doing is morally right that more problems arise. There's a saying, "Everybody is the hero of their own story."

When the interests of a nation are seen as more important than the rights of the majority of the people within that nation, and the life of a soldier worth more than the rights of the people that soldier is supposed to be risking their life to protect the rights of...
« Last Edit: April 12, 2014, 11:23:48 am by MorleyDev »
Logged

palsch

  • Bay Watcher
    • View Profile

On the NSA angle.
Quote
This discussion is relevant, obviously, to the question of whether Cybercommand should be closely associated with, or separate from, NSA, or, more generally, whether we want the same entity doing cyber offense and cyber defense.  One possible reason why the same entity should be in charge of both is to enable that entity to better understand how offense and defense relate to one another, and thus potentially to enable more intelligent tradeoffs.  But I can easily imagine a very different argument to the effect that, depending on one’s normative commitments, the tasks should be separated and the tradeoffs should be managed by an independent offense chief, or an independent defense chief, or by an independent third party.  But further complications arise.  If offense and defense are separate, would they tell one another about the vulnerabilities they discover or engineer?  What would the sharing rules be?  Who would decide and by what criteria whether to horde or patch the vulnerability?  It is not obvious that separating offense and defense assists with the underlying problem of how to resolve the tradeoff, although of course it might skew the outcomes in certain ways.  These are hard and deep questions of institutional design.  (Note that after an extensive review, and contrary to a recommendation by the President’s Review Group, the White House decided to keep the NSA Director in charge of Cyber Command.)
Logged
Pages: 1 2 3 [4]