Report says NSA intercepts computer deliveries (Update)

Dec 29, 2013 by Raphael Satter

A German magazine lifted the lid on the operations of the National Security Agency's hacking unit Sunday, reporting that American spies intercept computer deliveries, exploit hardware vulnerabilities, and even hijack Microsoft's internal reporting system to spy on their targets.

Der Spiegel's revelations relate to a division of the NSA known as Tailored Access Operations, or TAO, which is painted as an elite team of hackers specializing in stealing data from the toughest of targets.

Citing internal NSA documents, the magazine said Sunday that TAO's mission was "Getting the ungettable," and quoted an unnamed intelligence official as saying that TAO had gathered "some of the most significant intelligence our country has ever seen."

Der Spiegel said TAO had a catalog of high-tech gadgets for particularly hard-to-crack cases, including computer monitor cables specially modified to record what is being typed across the screen, USB sticks secretly fitted with radio transmitters to broadcast stolen data over the airwaves, and fake base stations intended to intercept mobile phone signals on the go.

The NSA doesn't just rely on James Bond-style spy gear, the magazine said. Some of the attacks described by Der Spiegel exploit weaknesses in the architecture of the Internet to deliver malicious software to specific computers. Others take advantage of weaknesses in hardware or software distributed by some of the world's leading information technology companies, including Cisco Systems, Inc. and China's Huawei Technologies Ltd., the magazine reported.

Der Spiegel cited a 2008 mail order catalog-style list of vulnerabilities that NSA spies could exploit from companies such as Irvine, California-based Western Digital Corp. or Round Rock, Texas-based Dell Inc. The magazine said that suggested the agency was "compromising the technology and products of American companies."

Old-fashioned methods get a mention too. Der Spiegel said that if the NSA tracked a target ordering a new computer or other electronic accessories, TAO could tap its allies in the FBI and the CIA, intercept the hardware in transit, and take it to a secret workshop where it could be discreetly fitted with espionage software before being sent on its way.

Intercepting computer equipment in such a way is among the NSA's "most productive operations," and has helped harvest intelligence from around the world, one document cited by Der Spiegel stated.

One of the most striking reported revelations concerned the NSA's alleged ability to spy on Microsoft Corp.'s crash reports, familiar to many users of the Windows operating system as the dialogue box which pops up when a game freezes or a Word document dies. The reporting system is intended to help Microsoft engineers improve their products and fix bugs, but Der Spiegel said the NSA was also sifting through the reports to help spies break into machines running Windows. One NSA document cited by the magazine appeared to poke fun at Microsoft's expense, replacing the software giant's standard error report message with the words: "This information may be intercepted by a foreign sigint (signals intelligence) system to gather detailed information and better exploit your machine."

Microsoft said that information sent by customers about technical issues in such a manner is limited.

"Microsoft does not provide any government with direct or unfettered access to our customer's data," a company representative said in an email Sunday. "We would have significant concerns if the allegations about government actions are true."

Microsoft is one of several U.S. firms that have demanded more transparency from the NSA—and worked to bolster their security—in the wake of the revelations of former intelligence worker Edward Snowden, whose disclosures have ignited an international debate over privacy and surveillance.

Der Spiegel did not explicitly say where its cache of NSA documents had come from, although the magazine has previously published a series of stories based on documents leaked by Snowden, and one of Snowden's key contacts—American documentary filmmaker Laura Poitras—was listed among the article's six authors.

No one was immediately available at Der Spiegel to clarify whether Snowden was the source for the latest story.

Another company mentioned by Der Spiegel, though not directly linked with any NSA activity, was Juniper Networks Inc., a computer network equipment maker in Sunnyvale, Calif.

"Juniper Networks recently became aware of, and is currently investigating, alleged security compromises of technology products made by a number of companies, including Juniper," the company said in an email. "We take allegations of this nature very seriously and are working actively to address any possible exploit paths."

If necessary, Juniper said, it would "work closely with customers to ensure they take any mitigation steps."

User comments : 57

Expiorer
3 / 5 (2) Dec 29, 2013
and that is why I use pirated copies
davidivad
2.5 / 5 (2) Dec 29, 2013
if they are going to protect me, they better have some muscle.

explorer; exactly what kind of pirated copies are you speaking of? are you talking about software or movies?
Shakescene21
1 / 5 (4) Dec 29, 2013
The abstract doesn't say who the "targets" of NSA are. They are almost certainly terrorist recruiters or operatives.
_ilbud
1 / 5 (1) Dec 29, 2013
Criminal behaviour from a criminal nation.
kochevnik
4.3 / 5 (4) Dec 29, 2013
@Shakescene21 The abstract doesn't say who the "targets" of NSA are. They are almost certainly terrorist recruiters or operatives.
And you know that how? You think Rambo and Steven Segal run the NSA? You mean they always target the top guy and not the low-hanging fruit like your grandmother's IPhone? Are you sure picking easy targets to rack up career promotions is something NSA officials wouldn't contemplate?
Criminal behaviour from a criminal nation.
Only if they don't rewrite the law to suit themselves. Then, by law, they are angels as Shakescene21 asserted. And then your grandmother is the terrorist
Shakescene21
3.2 / 5 (5) Dec 29, 2013
"You mean they always target the top guy and not the low-hanging fruit like your grandmother's IPhone? Are you sure picking easy targets to rack up career promotions is something NSA officials wouldn't contemplate?"

@ kochevnik -- I am positive they are looking for clear-cut terrorists. As noted in Wikipedia, in 2112 the FISC court only granted permission to NSA to surveille 1789 individuals. (Based on NSA scanning of emails sent by hundreds of millions of people.) I'm sure NSA staff are over-worked and they only have time for the most serious-looking prospects.
Skepticus
1 / 5 (1) Dec 30, 2013
The realists know that every intelligence agency on this planet collects information from every source they can, by every means possible, legal, moral or not. The only golden rule is not to get caught doing it, or to have plausible denials.
Squirrel
3 / 5 (2) Dec 30, 2013
There is a repeat of 9 / 11 and another 2,977 victims die. A Congressional report into this second "9/11" afterwards concludes it would have been prevented except that the NSA was barred from the privacy invasions on internet traffic that would have detected the plot. What will we feel then about Edward Snowden and the above Spiegel report?
dogbert
5 / 5 (1) Dec 30, 2013
Squirrel,
There is a repeat of 9 / 11 and another 2,977 victims die. A Congressional report into this second "9/11" afterwards concludes it would have been prevented except that the NSA was barred from the privacy invasions on internet traffic that would have detected the plot. What will we feel then about Edward Snowden and the above Spiegel report?


Has the probability of such an event increased with these revelations?

Sigh
5 / 5 (2) Dec 30, 2013
The abstract doesn't say who the "targets" of NSA are. They are almost certainly terrorist recruiters or operatives.

By what definition of "terrorist recruiter or operative"? In 2005 in Britain, a Labour Party member who heckled Jack Straw during the party conference was ejected, and was arrested under the Terrorism Act when he tried to return to the conference the next day (http://news.bbc.c...42.stm). The Obama administration defines as a terrorist any "military-age" male who gets killed by a drone strike (http://news.yahoo...4.html). Note the cause-effect relationship in that definition. If you are male and of military age (15-45?), then getting killed is what defines you as a terrorist. What's to stop the NSA from defining as terrorist anybody they look at closely? Like Stalin's law defined a counterrevolutionary as being anyone suspected by the authorities?
Sigh
5 / 5 (1) Dec 30, 2013
I'm sure NSA staff are over-worked and they only have time for the most serious-looking prospects.

That doesn't reassure me. For as long as Moore's law holds and software improves, you have to expect that the cost of surveillance will decrease and that more of the job will be automated. We are already in a situation where the accused are not allowed to know what exactly they are being accused of. As deciding who is a terrorist becomes more automated, and I think it's safe to say that the algorithms will remain secret, so you won't know what the criteria are, how will you prove that you are not a terrorist?
Anda
not rated yet Dec 30, 2013
This is not about intelligence.
The us government has the best hackers, spies upon everyone in the world, targets everyone in the world...
It wants to be Big Brother now, own google and facebook info and more.
Old fashion scifi today.
Well, u can kiss my european ...
Sigh
5 / 5 (2) Dec 30, 2013
and that is why I use pirated copies

How do you know those copies haven't been pirated and made available by the NSA, with a few lines of extra code? I have no idea whether they do that, it just seems an obvious enough strategy that you should expect the NSA and other countries' agencies to do this, as well as hackers with criminal motivation. Why do you expect pirated copies to be more secure?
kochevnik
5 / 5 (1) Dec 30, 2013
@Shakescene21 -- I am positive they are looking for clear-cut terrorists. As noted in Wikipedia, in 2112 the FISC court only granted permission to NSA to surveille 1789 individuals. (Based on NSA scanning of emails sent by hundreds of millions of people.) I'm sure NSA staff are over-worked and they only have time for the most serious-looking prospects.
All of the FBI terrorists were patsies trained by the FBI and then entrapped. Your certainty belies a lack of knowledge, not any real capability of intelligence services
LariAnn
3 / 5 (2) Dec 30, 2013
I suspect the whole truth about what the NSA is capable of (read - actually does) would be more horrifying than anything Snowden has revealed. I wouldn't doubt that they have forced any and all technology companies to engineer hardware and software NSA-enabled backdoors into every product that is marketed, and then told that all shipments are subject to clandestine interception and hardware/software modification whether the companies like it or not. If the companies object, they will be turned over to the IRS and DOJ for closer scrutiny, as in "are your licenses in order?" etc. With today's high tech, we are beset with criminals at the low end, the high end, and everywhere in between. It is as if someone wants us to move away from technology, not towards it, while the tech itself becomes so advanced that it can be used for surveillance whether you are online or not (see smart TVs that are never "off" even when you turn them off, just like the viewscreens in Orwell's 1984).
Protoplasmix
5 / 5 (1) Dec 30, 2013
There is a repeat of 9 / 11 and another 2,977 victims die. A Congressional report into this…

Yeah, what good is a congressional report that's based on misinformation and lies from the "intelligence" community? To this very day, there are Republicans I know personally who still think there are WMDs buried in the sand somewhere in Iraq or were smuggled to Syria for safe keeping. *cough*
TheGhostofOtto1923
3.7 / 5 (3) Dec 30, 2013
there are Republicans I know personally who still think there are WMDs buried in the sand somewhere in Iraq or were smuggled to Syria for safe keeping. *cough*
"After investigation following the invasion, the U.S.‑led Iraq Survey Group concluded that Iraq had ended its nuclear, chemical and biological programs in 1991... but that they intended to resume production if the Iraq sanctions were lifted..."

-But then of course:

"Hussein was internationally known for his use of chemical weapons in the 1980s against Iranian and Kurdish civilians... In the 1980s he pursued an extensive biological weapons program and a nuclear weapons program..."

"After the Persian Gulf War, the United Nations located and destroyed large quantities of Iraqi chemical weapons and related equipment and materials throughout the early 1990s..."

-But youre right maybe we should have trusted him. Of course we shouldnt forget that million-man WMD which we buried in the sand. Twice. That counts, right?
TheGhostofOtto1923
3 / 5 (2) Dec 30, 2013
either paid or STRONG-ARMED all the experts to install back doors in both software and firmware [lie]... Either you're helping humanity to get past this FEAR-INSPIRED INSANITY, or you're helping to perpetuate it... if you keep telling lies over and over, people will eventually believe you?... OBVIOUSLY INEFFECTUAL congressional oversight... steady stream of revelations over the past few months. I believe the WHISTLEBLOWER providing PROOF [he hasnt] not denials from those with a VESTED INTEREST in maintaining the STATUS QUO... There ought to be laws against what the NSA is doing! OH WAIT, there are.. We're not PISSING DOWN YOUR BACK"... "terrorists".... Rumor has it ... Stop the FEAR. Stop the INSANITY.... MISINFORMATION and lies from the "INTELLIGENCE" community?
Like I say noob, youre a fashion whore.
You can't tell from the tone of my posts I'm outraged?
Fashion whores know that righteous indignation is fashionable.
Protoplasmix
5 / 5 (2) Dec 30, 2013
There is a repeat of 9 / 11 and another 2,977 victims die. A Congressional report into this…

Yeah, what good is a congressional report that's based on misinformation and lies from the "intelligence" community? To this very day, there are Republicans I know personally who still think there are WMDs buried in the sand somewhere in Iraq or were smuggled to Syria for safe keeping. *cough*

More to the point, how legitimate are those acts of congress (e.g., Patriot Act) that are likewise based on misinformation and lies from the "intelligence" community?

@Ghost, nice cross-post, edited just the way you like it. Reminds me of that carbon chemist phd who did the same thing. And got banned.
TheGhostofOtto1923
3 / 5 (2) Dec 30, 2013
More to the point, how legitimate are those acts of congress (e.g., Patriot Act) that are likewise based on misinformation and lies from the "intelligence" community?
Well like I showed you here and in the other thread, we dont know if they are misinformation or lies yet do we? Only fashion whores would jump to that conclusion. Because if they didnt they would have to buy all new t shirts. And bandannas.

Off the pigs. Comes the revolution eh?
cantdrive85
1 / 5 (1) Dec 30, 2013
Welkome to Amerika, comrades!
Protoplasmix
5 / 5 (1) Dec 30, 2013
According to the Senate Intelligence Committee's report (U.S. Senate, 2004):
"Most of the major key judgments in the Intelligence Community's October 2002 National Intelligence Estimate (NIE), Iraq's Continuing Programs for Weapons of Mass Destruction, either overstated, or were not supported by, the underlying intelligence reporting. A series of failures, particularly in analytic trade craft, led to the mischaracterization of the intelligence."

And it wasn't just the American people who were duped into the worldwide war on terror. All our allies were duped too. The allies we're now spying on.
Protoplasmix
not rated yet Dec 30, 2013
Well like I showed you here and in the other thread, we dont know if they are misinformation or lies yet do we?

We don't? I'm perfectly fine with taking Angela Merkel's word for it. Damn sure not going to ask General Alexander of the NSA if it's true. You, Otto? Danke schön, Der Spiegel.

See: http://www.thegua...el-phone
TheGhostofOtto1923
3 / 5 (2) Dec 30, 2013
Well like I showed you here and in the other thread, we dont know if they are misinformation or lies yet do we?

We don't? I'm perfectly fine with taking Angela Merkel's word for it. Damn sure not going to ask General Alexander of the NSA if it's true. You, Otto? Danke schön, Der Spiegel.
What does bugging merkels phone have to do with installing back doors in software? Oh I know; NSA = spies = pigs = nazis = guilty. It says so on your t shirt.
Protoplasmix
5 / 5 (1) Dec 30, 2013
What does bugging merkels phone have to do with installing back doors in software?

The same thing that lying and deception have to do with dishonorable service to the people—unnecessary, unacceptable, and un-American.
TheGhostofOtto1923
3 / 5 (2) Dec 30, 2013
The same thing that lying and deception have to do with dishonorable service to the people—unnecessary, unacceptable, and un-American.
See there you go posturing again. Obama admitted the merkel tap. But back doors are unsubstantiated accusations from one euro smut rag. Re merkel:

"Jan Techau, Carnegie Europe's Brussels office director, said... "everybody spies on everybody,"
"This is not a trust-builder but I don't think that the working relationship with America will be much affected..."

-But re back doors, respectable heads of many large companies have gone on record denying it. And per the program in general, one US judge says its legal and necessary.

And yet posturers and fashion whores and smut peddlers are willing to claim that all of it is "unnecessary, unacceptable, and un-American" solely on the claims of a traitor and a euro smut rag.

Reasonable people would withhold judgement. But we are getting to know you as a thoughtless, posturing, fashion whore.
Skepticus_Rex
1 / 5 (1) Dec 30, 2013
It is a lot easier for the NSA to exploit Open Source Software. And, when they find security holes they are not obligated to report them, now are they? Something else to think about that the guy at the conference didn't seem to have told his audience.
Skepticus_Rex
1 / 5 (1) Dec 30, 2013
and that is why I use pirated copies

Pirated copies are easier to exploit by other agencies like the NSA. They often contain hidden root-kits and keyloggers. Open Source is in a similar boat because most of the code is in the open and anyone can see it and exploit weaknesses. If those agencies who find the exploits never report them, they can be left open for long periods of time and used to their advantage. You can harden your Linux systems, but the software used to do that actually was originally developed by the NSA, such as SELinux. But, the point is that it isn't just big named software companies you have to be worried about.
davidivad
not rated yet Dec 31, 2013
yep, our spies are platform independent. as far as pirated copies are concerned, if you cannot shut a torrent or other site down because people want it what do you do? you court order them to keep records.
Skepticus_Rex
1 / 5 (1) Dec 31, 2013
yep, our spies are platform independent. as far as pirated copies are concerned, if you cannot shut a torrent or other site down because people want it what do you do? you court order them to keep records.


You also add a few torrents of your own, with computers set aside in a DMZ to add a little something to your system when you install and/or play what you download. Infect a few pornography sites and obtain similar benefit to track people.
Protoplasmix
not rated yet Dec 31, 2013
See there you go posturing again. Obama admitted the merkel tap. But back doors are unsubstantiated accusations from one euro smut rag.

I'm not the one attacking the source of the information. And I'm not the one with his head stuck so deep in the sand that he can see Beijing. Pull your head out, Mr. War is Inevitable—don't be such a regressive banterer. If you had access to NSA's "Boundless Informant" then what you're spouting might mean something. But you obviously don't. I'd prefer to hear from the guy who did have access, and I don't particularly care which publication it is that's telling the truth about what's been happening, as long as the truth gets told. Take the Ira's advice on this one, Skippy, and let the smart, in-the-know peoples talk. Nuzzfutz.
TheGhostofOtto1923
3 / 5 (2) Dec 31, 2013
I'm not the one attacking the source of the information
Of course you are. The source is a federal judge, sworn testimony, and public statements by respected corporate heads. You disregard these sources in favor of unsubstantiated info from a traitor and felon, and a foreign news rag.
If you had access to NSA's "Boundless Informant" then what you're spouting might mean something. But you obviously don't.
No I have access to dozens of sources reporting what judges and honest officials and respected CEOs have said. These sources also remind me every day WHO we are protecting ourselves from and WHY.
I don't particularly care which publication it is
Of course you don't. You only care about the one that makes you feel good. You know, the one that makes you and all your friends feel like they are getting back at the Man. Make love not war.
kochevnik
not rated yet Dec 31, 2013
It is a lot easier for the NSA to exploit Open Source Software. And, when they find security holes they are not obligated to report them, now are they? Something else to think about that the guy at the conference didn't seem to have told his audience.
OpenBSD has had one documented exploit. I suspect you have no clue about what you are writing

Trojans and virii need a place to hide. Open source is not that place
kochevnik
5 / 5 (3) Dec 31, 2013
Already Cisco earnings were crushed in November, after the company told analysts that America Inc. is no longer trusted because of the NSA spying scandal.

"The first shot was fired on Monday. Teradata, which sells analytics tools for Big Data, warned that quarterly revenues plunged 21% in Asia and 19% in the Middle East and Africa. Wednesday evening, it was IBM's turn to confess that its hardware sales in China had simply COLLAPSED. Every word was colored by Edward Snowden's revelations about the NSA's hand-in-glove collaboration with American tech companies, from startups to mastodons like IBM."

Foreign governments and businesses regard AT&T, Google, Verizon, Facebook and other tech groups as complicit in the scandal, which has become a huge business-confidence issue for U.S. companies operating overseas.
cantdrive85
not rated yet Dec 31, 2013
I can tell by blotto's posts the idea of a totalitarian gov't excites him. This will probably cause him to cream his pants knowing that according to one of OBAMA!'s latest Executive Order 13603 he is merely a slave of the state.
http://thecommons...america/
Modernmystic
3.7 / 5 (3) Dec 31, 2013
I think it's very important to consider both sides of a discussion. I don't fault Otto for considering the NSA's take on all this at all.

I do think however, it's becoming quite clear, that they've not just been breaking the law but smashing it into a million pieces, pouring vodka on it, lighting it on fire, and dancing around the flames whilst saying "nanny nanny boo boo you can't catch me" to the people of the United States.
cmuell89
not rated yet Dec 31, 2013
Obama was correct in arguing the American people have to decide which facets of our society are placed under intelligence community's scope as trade-offs for broader national security. The most troubling aspects of these NSA revelations are the pure lack of transparency, minimal accountability, and ubiquitousness. I'm not so ignorant to say that our country's intelligence community has a five star record of honesty, but the "metadata" reports in the Guardian hit home with almost every citizen. I guess with the Patriot Act, at least we knew what we were giving up.

It's my personal belief these agencies operate mostly within the realm of well-meaning intelligence gathering but little fear their iniquitous capabilities. It must be extremely difficult to operate in a globalized world in which information technology have become so utterly depended upon and so readily used. I find it fascinating to watch how major national organizations cope with the turbulent and rapid rise of IT.
TheGhostofOtto1923
3 / 5 (2) Dec 31, 2013
I can tell by blotto's posts the idea of a totalitarian gov't excites him. This will probably cause him to cream his pants
Not at all smut peddler. I am sure there are many people who don't want to live under an Islamist caliphate and sharia law, which would probably castrate you for posting about gism and godless electric universes and similar smut.
million pieces, pouring vodka on it, lighting it on fire, and dancing around the flames whilst saying "nanny nanny boo boo you can't catch me" to the people of the United States
So you've heard it repeated a sufficient number of times to believe it even though respected heads of google, yahoo, Microsoft and others have denied it and a federal judge says it's not only legal but necessary? I thought you gave up mindless gullibility when you gave up religion.
TheGhostofOtto1923
3 / 5 (2) Dec 31, 2013
NSA revelations are the pure lack of transparency, minimal accountability, and ubiquitousness
But Islamist jihadis love transparency (of enemies) and are also ubiquitous aren't they? And courts do scrutinize the NSA.

"The United States Foreign Intelligence Surveillance Court (FISC, also called the FISA Court) is a U.S. federal court established and authorized under the Foreign Intelligence Surveillance Act of 1978 (FISA) to oversee requests for surveillance warrants against suspected foreign intelligence agents inside the United States"

-Or would you prefer public venue judges who are running for reelection and who are owned by the mob?
Protoplasmix
not rated yet Dec 31, 2013
Ghost, the Washington Post is neither European nor a smut rag. It's perhaps best remembered for the investigative reporting of Bob Woodward and Carl Bernstein covering the Pentagon Papers and the Watergate scandal—leading to the only U.S. President ever to resign—who did so over domestic spying—the Republican incumbent was paranoid about Democratic terrorists (to his agenda).

The Post has a nice article about the $52.6 billion-with-a-'B' black budget of the U.S. spy agencies (there are actually 15 others in the intelligence community besides the NSA, but you wouldn't know that if you were the U.S. Congress expecting a straight answer from the head spy). See: http://www.washin...ory.html

So what's your problem with the Post, Ghost? Feel free to alienate yourself further. Wukfitt.
TheGhostofOtto1923
3 / 5 (2) Dec 31, 2013
"The PRISM program, revealed earlier this year by the Post and the Guardian, provided the NSA access to huge volumes of online communications from nine technology companies including Yahoo and Google by legally compelling them to turn over data matching court-approved search terms... NSA chief Gen. Keith B. Alexander defended tech companies role in the PRISM program during a House Intelligence Committee hearing. "We have compelled industry to help us in this manner by court order," he argued, "and what they're doing is saving lives."

-This is 'front door' access. The post also published a 13 hour interview with snowden - so what?

The back door business is unsubstantiated and denied by the companies the guardian originally named. And there is no evidence that the iPhone back door was ever used illegally.

These people are spies. It's what they do. The iPhone hack is a tool of the trade, just like the walther ppk. The existence of these tools does not mean that they were ever used ILLEGALLY.
Protoplasmix
not rated yet Dec 31, 2013
The back door business is unsubstantiated and denied by the companies the guardian originally named. And there is no evidence that the iPhone back door was ever used illegally

The NSA functions with the utmost integrity, huh Ghost? They only use legal front doors, huh? Brittfershanes.

Spotting terrorists sure isn't rocket science, Ghost. They're actually remarkably easy to spot. Got time for the Times, Ghost? Look how easy it is: http://www.nytime...tml?_r=0

That's about $52.6 billion worth of online game playing down the tubes, if you ask me.

And you think you're the only one who bothers to look things up…
Skepticus_Rex
1 / 5 (1) Dec 31, 2013
It is a lot easier for the NSA to exploit Open Source Software. And, when they find security holes they are not obligated to report them, now are they? Something else to think about that the guy at the conference didn't seem to have told his audience.
OpenBSD has had one documented exploit. I suspect you have no clue about what you are writing

Trojans and virii need a place to hide. Open source is not that place

I was not even writing about virii and trojans in that post. Open Source is Open Source, and such software often has exploits that have to be found and patched. I install several to literally dozens of security updates just about every week on my Linux box. That would not be needed if there were no exploits to patch. I have every clue about that which I am writing. It is you who haven't a clue.

By the way, here is a list of exploits for BSD. There are a lot more than one.
http://www.cvedet...bsd.html
Skepticus_Rex
1 / 5 (1) Dec 31, 2013
The back door business is unsubstantiated and denied by the companies the guardian originally named. And there is no evidence that the iPhone back door was ever used illegally

Spotting terrorists sure isn't rocket science, Ghost. They're actually remarkably easy to spot. Got time for the Times, Ghost? Look how easy it is: http://www.nytime...tml?_r=0


Russian Intelligence had been spying on the Tsarnaev's using their cell phones and other means. That is how they were aware of the information that they passed on to us. But our investigations are only allowed to go so far so nothing was found to confirm the claims.
Skepticus_Rex
1 / 5 (1) Dec 31, 2013
I can tell by blotto's posts the idea of a totalitarian gov't excites him. This will probably cause him to cream his pants knowing that according to one of OBAMA!'s latest Executive Order 13603 he is merely a slave of the state.
http://thecommons...america/

It would have been better to link to the source. So here is the source, sans commentary:

http://www.whiteh...aredness
kochevnik
not rated yet Dec 31, 2013
It is a lot easier for the NSA to exploit Open Source Software. And, when they find security holes they are not obligated to report them, now are they?
OpenBSD has had one documented exploit. I suspect you have no clue about what you are writing

Trojans and virii need a place to hide. Open source is not that place

@Skepticus_Rex I was not even writing about virii and trojans in that post. Open Source is Open Source, and such software often has exploits that have to be found and patched.
if you are patching your own open source code you are likely making a six-figure salary. You would be so familiar with your program that you would already have known many of the exploits possible. You would know them because you know the source code. So again your claims of open-source are blatantly bogus. BTW why is the USA such a hotbed of such stupid claims?

BTW I referred to OpenBSD, not the commercial BSDs where security is sometimes secondary
Captain Stumpy
5 / 5 (1) Jan 01, 2014
@Kochevnik

no offence intended, but i run Linux too, and when he says
I install several to literally dozens of security updates just about every week on my Linux box.


he may well mean the same as me, that (just like windows) there are updates to install frequently, and that some are security risk updates. at least, that is how i am seeing it.

not trying to fight or argue, just wondering because i also load patches every week, and i am not a programmer nor an IT manager.

@Skepticus_Rex

is that what you meant?
what are you running?
TheGhostofOtto1923
3 / 5 (2) Jan 01, 2014
The NSA functions with the utmost integrity, huh Ghost? They only use legal front doors, huh? Brittfershanes.
I understand this is what you think I said. Even if they don't, this doesn't make them guilty in this case, nor snowden innocent of treason.
Spotting terrorists sure isn't rocket science, Ghost. They're actually remarkably easy to spot. Got time for the Times, Ghost? Look how easy it is
-says the expert in posturing and fashion.

Here's what pros who have actually studied the evidence have concluded:

"[Federal judge] Pauley concluded the program was a necessary extension of steps taken after the Sept. 11 terrorist attacks. He said the program lets the government connect fragmented and fleeting communications and "represents the government's counter-punch" to the al-Qaida's terror network's use of technology to operate decentralized and plot international terrorist attacks remotely.

"This blunt tool only works because it collects everything," Pauley said.
kochevnik
not rated yet Jan 01, 2014
@Kochevnik

no offence intended, but i run Linux too
Linux isn't a system it's only a kernel. I agree that binary updates of linux have no more inherent security than windows. Security is completely up to the maintainers of the distribution. So I imagine linux security is a spectrum from terrible to terrific. The point is that having the original code with comments in conjunction with programming skills is far superior security to closed source "patching", which is the mode windows and many linux distributions employ. At least many linux distributions offer a source-build option, which allows the user to dynamically adjust security habits and paranoia as needed
TheGhostofOtto1923
3 / 5 (2) Jan 01, 2014
Spotting terrorists sure isn't rocket science
-Actually it is rocket science.

"The Lebanon branch of Al Qaeda, the Abdullah Azzam Brigade, took responsibility for the rocket attack carried out Thursday on Israel. Abdullah made this announcement on Twitter. Earlier, four rockets fired from the Lebanon territory reaching the Northern part of Israel Thursday. One rocket was intercepted by the Iron Dome missile defense system and no injuries were reported, according to the Israeli army in a statement."

-Al qaeda is actively seeking to acquire nuclear weapons and the means to deliver them, which includes developing expertise in rocketry including defeating countermeasures. They are also seeking stinger-type missiles capable of downing commercial as well as military aircraft.

And as judge pauley indicated they are using increasingly sophisticated communications tech to do this and share info.

Which is why agencies like the NSA exist.
stripeless_zebra
not rated yet Jan 01, 2014
The NSA had known the verdict on the recent mobile network interceptions by the time it was officially announced and they can predict the court outcome in this case. Guess how.

"Knowledge is power...France is Bacon"

The NSA's slogan :)
Captain Stumpy
5 / 5 (1) Jan 01, 2014
@kochevnik
Linux isn't a system it's only a kernel.


i know this, but it is also commercially distributed by different vendors as an OS, like Ubuntu or Red Hat. that is specifically what i was referring to. sorry for not being clearer.

So I imagine linux security is a spectrum from terrible to terrific.

absolutely true.

what i was getting at in my post was that i assumed (i know, bad idea) the user Skepticus_Rex was using a Linux commercially distributed, like Ubuntu or Red Hat, and that he was downloading patches... mostly because of how he was talking about it.

sorry if that was not as clear as it should have been. i thought it was obvious, but i guess i was not being specific enough. my apologies.
TheGhostofOtto1923
3 / 5 (2) Jan 01, 2014
More imaginary enemies we can afford to ignore

"North Korean leader Kim Jong-un has said the Korean peninsula will be engulfed by ''massive nuclear disaster'' if war breaks out there again, warning the US it will not be safe in the event of a conflict.

''If the war breaks out again in this land, it will bring about a massive nuclear disaster and the US will never be safe,'' Kim said in his New Year message, broadcast on state tv"

-I wonder what al Qaeda will pay them for a nuke to light up say dusseldorf or Brussels? Much softer targets than Baltimore. Because we over here believe in protecting ourselves.

And a euro nuke would cause the kind of chaos which might enable an uprising and the establishment of a eurabia, which would after all disturb the US greatly. Where would we get our truffles from?
Skepticus_Rex
1 / 5 (1) Jan 01, 2014
if you are patching your own open source code you are likely making a six-figure salary. You would be so familiar with your program that you would already have known many of the exploits possible. You would know them because you know the source code. So again your claims of open-source are blatantly bogus. BTW why is the USA such a hotbed of such stupid claims?

BTW I referred to OpenBSD, not the commercial BSDs where security is sometimes secondary


And, yet, vulnerabilities are discovered all the time. Wages have nothing to do with a thing. Bugs are income-independent.

You didn't bother to read my link, did you? The link I posted was for OpenBSD. If you did, didn't you see how many exploits and vulnerabilities for OpenBSD were in the list?

The only reason I left off the "Open" part above is because there weren't enough characters available and I did not want to make another post for the sake of four letters. My link referred to "known" vulnerabilities of OpenBSD.
Skepticus_Rex
1 / 5 (1) Jan 01, 2014
@Kochevnik

no offence intended, but i run Linux too, and when he says
I install several to literally dozens of security updates just about every week on my Linux box.


he may well mean the same as me, that (just like windows) there are updates to install frequently, and that some are security risk updates. at least, that is how i am seeing it.

not trying to fight or argue, just wondering because i also load patches every week, and i am not a programmer nor an IT manager.

@Skepticus_Rex

is that what you meant?
what are you running?


You are spot on. Well, what I am running depends on the day and my location. For the moment I am running Fedora 20 with Linux, with some modifications, which is what I was running when I made the post above. I am posting from a hardened Fedora machine right now, which also is what I use most at home. Of course, I also run systems with Mac OS X, Windows XP (but not for much longer), Windows 7, Windows 8.1, and Oracle Solaris.
kochevnik
not rated yet Jan 01, 2014
And, yet, vulnerabilities are discovered all the time. Wages have nothing to do with a thing. Bugs are income-independent.

You didn't bother to read my link, did you? The link I posted was for OpenBSD. If you did, didn't you see how many exploits and vulnerabilities for OpenBSD were in the list?
I went by the marketing line of OpenBSD, which is 'Only two remote holes in the default install, in a heck of a long time!'. Certainly a portaudit will reveal exploits. I got five only yesterday on a FreeBSD box. Then again most of those run user permissions in typical usage, svn being the exception

A problem with open source is embedded closed source. NSA inserted code tables into linux kernel code and it is assumed these constants were calculated to be breakable. In any case open source helps focus paranoia in useful directions
Skepticus_Rex
1 / 5 (1) Jan 01, 2014
@kochevnik

The marketing line is for those who stay with the default install. The second you turn on various network and other services that are not turned on in a default install, you are open to potential vulnerabilities and exploits.

Also consider information contained in the following blog:

http://allthatisw...openbsd/

The title is sensationalistic but the content of the article is worthwhile reading nonetheless.