Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Obama Says He May Or May Not Let the NSA Exploit the Next Heartbleed

Soulskill posted about 6 months ago | from the thanks-for-providing-zero-clarity dept.

Encryption 134

An anonymous reader writes "The White House has joined the public debate about Heartbleed. The administration denied any prior knowledge of Heartbleed, and said the NSA should reveal such flaws once discovered. Unfortunately, this statement was hedged. The NSA should reveal these flaws unless 'a clear national security or law enforcement need' exists. Since that can be construed to apply to virtually any situation, we're left with the same dilemma as before: do we take them at their word or not? The use of such an exploit is certainly not without precedent: 'The NSA made use of four "zero day" vulnerabilities in its attack on Iran's nuclear enrichment sites. That operation, code-named "Olympic Games," managed to damage roughly 1,000 Iranian centrifuges, and by some accounts helped drive the country to the negotiating table.' A senior White House official is quoted saying, 'I can't imagine the president — any president — entirely giving up a technology that might enable him some day to take a covert action that could avoid a shooting war.'" Side note: CloudFlare has named several winners in its challenge to prove it was possible to steal private keys using the Heartbleed exploit.

Sorry! There are no comments related to the filter you selected.

Well, yeah (5, Insightful)

LordLucless (582312) | about 6 months ago | (#46739259)

Spy agency's job is to spy. It'd be remiss of them not to use such a security hole.

The question is, would he allow the NSA to exploit a similar vulnerability against Americans. And I think we already know the answer to that one too.

Re:Well, yeah (3, Insightful)

Joce640k (829181) | about 6 months ago | (#46739309)

..."avoid a shooting war", "national security or law enforcement need"....

Why does it always come down to those things?

Does the USA actually have any enemies like that or is it just the (government created) national paranoia?

Re:Well, yeah (4, Interesting)

JoeMerchant (803320) | about 6 months ago | (#46739369)

..."avoid a shooting war", "national security or law enforcement need"....

Why does it always come down to those things?

Because that's their job?

Seriously, upgrading the server or refactoring the software? Why does IT always have such drama, can't they just scale up and down like Sales?

Re:Well, yeah (1)

rmdingler (1955220) | about 6 months ago | (#46739385)

..."avoid a shooting war", "national security or law enforcement need"....

Why does it always come down to those things?

Does the USA actually have any enemies like that or is it just the (government created) national paranoia?

It makes for a better sound bite than We hate to put your bank account's password at risk, but it's for some plausibly useful future reason that we do so.

Re:Well, yeah (2, Insightful)

Anonymous Coward | about 6 months ago | (#46739331)

Spy agency's job is to spy.

And murderer's murder. Stating their job doesn't make it anymore moral. A spy's spying can be immoral, and that's exactly what the pieces of trash in the NSA have been doing.

Re:Well, yeah (2)

ganjadude (952775) | about 6 months ago | (#46739463)

exactly, He answered the wrong question, The correct question should have been
" will you allow the use of these tools against americans without disclosure" I dont mind if they are spying on others as that is their job, but it is not their job to spy on us in america. (we can argue the merits of spying on other countries another day)

Re:Well, yeah (1)

Bartles (1198017) | about 6 months ago | (#46740359)

No, not without disclosure. Without a warrant. That is what the constitution requires. A warrant, or privacy. There is no middle ground, don't let this government create one.

Re:Well, yeah (3, Informative)

rnturn (11092) | about 6 months ago | (#46740447)

The NSA's job is not to spy on Americans regardless of whether they have a warrant or not. Spying on Americans is the FBI's job.

Re:Well, yeah (2)

davester666 (731373) | about 6 months ago | (#46741185)

yes, once this whole 'spying' thing gets outlaws, the FBI will simply open an investigation into everybody's involvement with terrorism. And no, there is no way to prove you are NOT a terrorist, so at best it will always be an open investigation..

Re:Well, yeah (3, Insightful)

ganjadude (952775) | about 6 months ago | (#46741391)

Based on the FBI list lets take a look at who they consider terrorists shall we?

People who are concerned about privacy, and shield the screen from view.
Are seen using multiple cell phones, or sim swapping
use of anonymizers or other IP blockers
encryption users
Asking about voice and data encryption
http://www.networkworld.com/community/blog/25-more-ridiculous-fbi-lists-you-might-be-terrorist-if

Tea party? terrorist
occupy group? terrorist
believe in the constitution? terrorist

and not terrorists, but the FBI considers fans of a band to be gang members. It would be like calling dead heads a gang. The band in question is the insane clown posse
http://www.cnn.com/2014/01/08/showbiz/juggalo-gang-lawsuit/

Long story short, anyone on slashdot is a terrorist in the eyes of the FBI

Re:Well, yeah (5, Insightful)

Charliemopps (1157495) | about 6 months ago | (#46739375)

No, the NSAs (as well as all government agencies) job is to defend the constitution and protect the citizens of the United States of America. The NSA has abandon the former goal in favor of the latter. They are not mutually exclusive. This country was founded on the principle that we as a people value freedom and liberty over life itself. The NSA, and apparently the president have forgotten this.

Re:Well, yeah (-1)

Anonymous Coward | about 6 months ago | (#46739643)

Muh freedoms!

Not it actually isn't... (-1)

Anonymous Coward | about 6 months ago | (#46739653)

The job of any government agency to defend the constitution. It's the job of the judicial branch. Furthermore, you actually expect a spy agency to protect the constitution? That's not even close to their job.

The naivete some have on this issue is rather surprising given the demographics of the site.

Re:Not it actually isn't... (2)

lonOtter (3587393) | about 6 months ago | (#46739879)

There is no naivete. I expect nothing but thuggery from the government, so it isn't a surprise when we see the NSA being evil pieces of trash. It is, however, something that must be stopped.

Re:Not it actually isn't... (5, Insightful)

Enigma2175 (179646) | about 6 months ago | (#46740251)

The job of any government agency to defend the constitution. It's the job of the judicial branch. Furthermore, you actually expect a spy agency to protect the constitution? That's not even close to their job.

The naivete some have on this issue is rather surprising given the demographics of the site.

Employees at the NSA take an oath to defend the constitution. From the NSA's website [nsa.gov] :

NSA/CSS employees are Americans first, last, and always. We treasure the U.S. Constitution and the rights it secures for all the people. Each employee takes a solemn oath to support and defend the Constitution of the United States against all enemies, foreign and domestic.

It's not naivete, it's just expecting them to do what they SWORE TO DO.

Re:Well, yeah (2, Interesting)

Anonymous Coward | about 6 months ago | (#46739659)

The NSA's charter as promulgated by President Truman is COMINT. That means 1) spying on foreign governments, and 2) ensuring the integrity of US government communications. They've failed #1 by spying on Americans. They've failed #2 by passively allowing thousands of known software bugs to go unpatched, thereby leaving the US government's sprawling COTS network infrastructure vulnerable.

You don't need lofty non-sense to damn the NSA. They're failed the basic tasks they've actually been given.

Also, because the NSA is so fond of scaring Congressmen with the specter of "cyberwar", they've implicitly taken it upon themselves to defend private industries, including critical power, water, and banking infrastructure. Again, leaving thousands of unpatched bugs to be exploited by criminals and foreign governments (because the NSA isn't the only people spending millions on finding these bugs) is another dereliction of duty.

Re:Well, yeah (1)

Anonymous Coward | about 6 months ago | (#46739931)

They abandoned the latter when they abandoned the former.

What did they know? When did they know it? (0)

Anonymous Coward | about 6 months ago | (#46740351)

So why has the President forgotten this if he just found out about it?

You want them to come out with a statement immediately, yet you want them to understand everything immediately. This is not possible

Re:Well, yeah, debian squeeze wins again. (0)

Anonymous Coward | about 6 months ago | (#46739401)

There are a lot of lessons to be learned by all the toy sysyadmins out there.
most of them won't be learned.
In fact, several thousand machines will never be patched - for the next year or two.
All your keys are belong to us beotches.
The problem with the open source model is that it requires a high level of competency at too many levels.
You had better get used to tiles - that's all you nimrods can handle.
and no file manager either. See? Pure genius.

Re:Well, yeah, debian squeeze wins again. (2)

Kremmy (793693) | about 6 months ago | (#46739773)

The problem with our world is that a high level of competency is actually required for an awful lot of things, and nobody wants to be competent anymore.

Re:Well, yeah, debian squeeze wins again. (2)

AchilleTalon (540925) | about 6 months ago | (#46739811)

Not completely true. Many want to be competent, however nobody wants to pay what this competency worth. You have to invest a lot of time to become competent and at the end, it must pay otherwise you are better to do something else. There is a lot of well paid jobs which don't require the efforts you need to put on something to become competent.

Re:Well, yeah, debian squeeze wins again. (1)

Anonymous Coward | about 6 months ago | (#46739845)

The problem with the open source model is that it requires a high level of competency at too many levels.

Yeah. Sure. I'm not sure if you know what "open source" means and instead seem to be using it as a stand-in for "things I cannot understand."

You, and many others, use open source software every day without even noticing it. Chances are the very browser you are using to spew irrational hate is open source.

and no file manager either. See? Pure genius.

Really? Linux has no file manager? That's funny, I seem to recall there being about a dozen of them...

Perhaps before calling others stupid, you should first learn what the fuck you're even talking about.

Well, yeah (0)

Anonymous Coward | about 6 months ago | (#46739403)

Part of their job is also to get shot dead sometimes. Maybe we should be cold and pragmatic about that too and start eliminating them. You selfless Dumb-ass.

Re:Well, yeah (1)

Anonymous Coward | about 6 months ago | (#46739421)

They're also in charge of defending USA networks against intrusion from foreign powers. Leaving security holes in software used by US citizens, that others, like the FSB, can exploit run counter to that part of their job.

Re:Well, yeah (0)

Anonymous Coward | about 6 months ago | (#46739437)

So the NSA's enemy is the US economy? Why don't they say that straight out instead of using words like 'terrorist' and 'national security'...

Re:Well, yeah (4, Interesting)

Somebody Is Using My (985418) | about 6 months ago | (#46739569)

Signal interception is only half of the NSA's charter; the other half is "Information assurance", which means keeping The Bad Guys (tm) from doing the same to us.

The NSA has been too focused on the interception part of their job, to the point where they are allowing - or purposefully weakening - US security with weak or backdoored encryption methods. Too many government agencies rely on the Internet for them to have turned a blind eye to things like the OpenSSL vulnerability; the NSA has failed at one of the most important part of its jobs.

While I would be loathe to forbid an intelligence agency from using such a vulnerability against legitmate targets, at the same time I would be quite upset if they didn't make sure that they weren't doing what was necessary to keep its charges (us!) safe from being similarly penetrated, especially if that task was specifically part of their remit.

Re:Well, yeah (2, Insightful)

Anonymous Coward | about 6 months ago | (#46739771)

The problem here is that you can't do one without doing the other, unless you want to go back to the days where SSL required a special "US" browser and a proprietary web server. Nowadays, information assurance directly harms signal interception because "the bad guys" are running the exact same software as "the good guys". If the NSA finds a vulnerability in OpenSSL, they can't fix it for US companies while using it against the bad guys at the same time. The bad guys will just patch their software, they aren't dumb.

Given this impasse, the NSA chose the path that gives them the most funding - escalating hacking operations and signal interception to find as much scary things as possible. There's a lot more money in making the world dangerous for non-Americans as opposed to making the US safe.

Re:Well, yeah (4, Insightful)

Savage-Rabbit (308260) | about 6 months ago | (#46739583)

Spy agency's job is to spy. It'd be remiss of them not to use such a security hole.

The question is, would he allow the NSA to exploit a similar vulnerability against Americans. And I think we already know the answer to that one too.

No, the role of the NSA is not just to gather SIGINT, the NSA iis also tasked with preventing unfriendly entities from gathering SIGINT which is why the NSA initiated and open sourced SE Linux [wikipedia.org] just to cite one example. So the question here is should the NSA put every single American SSL using business at risk for years on end to protect a single source of SIGINT? After all, foreign intelligence services may not have to budget of the NSA but they are not stupid either, they can discover bugs like Heartbleed just as easily as the NSA can and might well use it sufficiently stealthily for the NSA not to notice that they aren't the only ones sitting on this vulnerability. When do the costs of spying outweigh the benefits?

Re:Well, yeah (0)

Anonymous Coward | about 6 months ago | (#46739983)

I certainly know how I will treat Americans in the future. Fuck you, twit.

WRONG (0)

Anonymous Coward | about 6 months ago | (#46740041)

the national security agencies JOB is national security, non security is insecurity

and as a hacker im going to start exploiting you all then they are saying that there govt people can break federal law with impunity then why can't i

Re:Well, yeah (0)

Anonymous Coward | about 6 months ago | (#46740177)

The only thing worse than the NSA, is a government official who stands for absolutely nothing; neither totalitarian dictatorship nor democratic republic.

Fuck em'.

Sounds like (5, Insightful)

rmdingler (1955220) | about 6 months ago | (#46739271)

He is pretty much admitting the next vulnerability will be exploited until no further military or law enforcement benefit exists.

There are almost certainly ongoing exploits of vulnerable systems.

People will very often tell you their intentions if you listen closely enough.

Re:Sounds like (0)

Anonymous Coward | about 6 months ago | (#46739455)

Not nough people make the distinction between law enforcement and military. Military is here to protect the USA (or country of origin) and it's interests. Law Enforcement is in the business of making money. The Prison industrial complex is a multi billion dollar industry, and it needs bodies to keep it feed. Thanks to the politicians and special interests groups, most of whom recieve campain donations from sovreighn overseas interests, we have millions of laws on the books to keep USAians enslaved and the system running happily along. I am proud to say that the USA leads the world in this endeaver. So IMHO the NSA should not be constrained, but LE should be. Or better yet lets overhaul the Injustice system and Law enforcement agencies so they go after bad people. We do no need LE busting up lemonade stands so that the special interests do not have to engage in competition with little Salley.

Re:Sounds like (1)

ganjadude (952775) | about 6 months ago | (#46739511)

or is he admitting the next one is already in the wild, and they are already exploiting it?

Barack Barack Bork Bork (0)

bayankaran (446245) | about 6 months ago | (#46739277)

If you have the exploit, you can exploit the exploit.

depends (0)

Anonymous Coward | about 6 months ago | (#46739285)

even tough I think that the NSA is pretty much pure evil.

I understand the issue between national security and security

The big question is how much are you willing to compromise your own country's security to provide national security.

I think in the case of the the heartbleed exploit it vastly outweighs national security.

Note: I'm not a Us national

only one Comment needed. (1)

Anonymous Coward | about 6 months ago | (#46739295)

We just don't trust you and wouldn't if you said, " you'd close gitmo", "not spy on us", "or not pay for back doors." You've won the war of attrition. pre 2001 of-age people know what we've lost and you can say and do whatever you like. ehh.... it must a pre-coffee morning.

Re:only one Comment needed. (0)

Anonymous Coward | about 6 months ago | (#46739817)

+1 if I had it

There's no information here. (5, Insightful)

slapjerkt (220482) | about 6 months ago | (#46739311)

The information content of a sentence whose structure is, "I may x or I may not x" is 0.

Re:There's no information here. (0)

Anonymous Coward | about 6 months ago | (#46739343)

OTOH the average information content in a political speech is still 0.

Re:There's no information here. (4, Funny)

Iconoc (2646179) | about 6 months ago | (#46739363)

He also forgot to say "let me make one thing perfectly clear."

Re:There's no information here. (0)

Anonymous Coward | about 6 months ago | (#46739431)

Just for the record, he did not have sex with that woman either.

Re:There's no information here. (0)

Anonymous Coward | about 6 months ago | (#46739961)

The cat may be dead or the cat may not be dead.

That's all you get from Obama (0)

Anonymous Coward | about 6 months ago | (#46740039)

He doesn't lead. He waits for some one else to do something then either points fingers of blame or takes credit.

Re:There's no information here. (2)

QuantumPion (805098) | about 6 months ago | (#46741419)

On the contrary there is a lot of information there. When a government official says "I may or may not respect the constitution" that mean he has already decided that he will do whatever he wants regardless of constitutional authority and obeys the law only when it is convenient to do so.

The President doesn't micro-manage this stuff (4, Insightful)

localroger (258128) | about 6 months ago | (#46739323)

Really, anybody who thinks anybody cabinet level or higher even knows about this kind of logistical detail is an idiot. This isn't at all like the torture thing which is a basic human rights violation; nobody is questioning the NSA's right to spy on certain people, and this has nothing to do with any accusation that they're spying on people they shouldn't be spying on. This is about technological implementation, and it's part of NSA's purview as a spy agency to explore technologies that further their ability to do their job. Part of that is discovering weaknesses in cryptographic systems which are trusted by the people you want to spy on. Having discovered such a useful weakness they aren't obliged to report it, although they are obliged not to use it (or any of their other techniques) against our own citizens.

Re:The President doesn't micro-manage this stuff (1)

Dachannien (617929) | about 6 months ago | (#46739623)

This is about technological implementation, and it's part of NSA's purview as a spy agency to explore technologies that further their ability to do their job. Part of that is discovering weaknesses in cryptographic systems which are trusted by the people you want to spy on.

The NSA also plays a counterintelligence role, and they're falling short of that if they don't take action to notify developers of a widely used Internet infrastructure utility that their software contains a critical exploit. If they can exploit it, so can the spy agencies of any other government with the skills to do so.

Re:The President doesn't micro-manage this stuff (0)

Anonymous Coward | about 6 months ago | (#46739651)

But by not disclosing such vulnerabilities they are basically leaving the citizens (which they are mandated to protect), vulnerable to other parties that may know of said vulnerability. Is the ability to spy on our adversaries worth sacrificing the security of the common citizen? I think it's an interesting question that demands an answer from the White House, and isn't answered by the "but it's the NSA, of course they should be allowed to spy!!"-sentiment that a lot of folks seem to have around here...

Re:The President doesn't micro-manage this stuff (4, Insightful)

PeeAitchPee (712652) | about 6 months ago | (#46739717)

Yet, the NSA is part of the Executive Branch and, as its head, the buck stops with him. James Clapper LIED to a Senate panel -- right to Ron Wyden's face -- and nothing has happened. The Snowden leaks are almost 11 months old now, and Obama obviously knew of a lot of those activities before then. He has chosen to DO NOTHING, or worse, in the case of mass surveillance, kick the ball to *Congress* (yes, the same Congress he's constantly bitched during his two terms about being dysfunctional and blocking his every move), which is completely unnecessary as NSA is part of the Executive Branch. Let's suppose that, as you contend, Obama is sooooo high up that he was in fact completely ignorant of any of the technical details of these activities, or even the existence of some of these programs. If he cared even the tiniest bit about our rights and upholding the Constitution -- especially in the wake of disclosures about leaving all US Citizens completely vulnerable to exploits such as HeartBleed -- he'd at least hit the Pause button on these programs via Executive Order so they could be properly investigated. He hasn't done *anything* close to that -- nothing. Just a bunch of bullshit lip service. This indicates he approves of all of these programs, and is attempting to wait until the noise dies down so they can be continued and expanded. Giving Obama a pass on anything NSA-related is weak and people that do it look like apologists from where a lot of us sit.

Re:The President doesn't micro-manage this stuff (1)

AchilleTalon (540925) | about 6 months ago | (#46739863)

Well, did NSA actually knew or not about Heartbleed? Anyone can prove NSA was aware of the bug and did nothing to protect USA from a third party's threat?

Re:The President doesn't micro-manage this stuff (1)

joe_frisch (1366229) | about 6 months ago | (#46740465)

If a military organization discovers a weakness in an enemy country's defenses, it is perfectly reasonable for them to keep this weakness secret and use it in future conflicts. Cyber security is different. Since we are all using roughly the same technology, by discovering a weakness in the defenses of another country, they have discovered a weakness in OUR defenses.

At the moment the US has a strong advantage in conventional warfare, but not so much in cyber warfare. In looking at overall national defense, patching holes in everyone's cyber defenses reduces the effectiveness of cyber war (where we are not clearly dominant), and moves the focus to conventional war where we are dominant.

Re:The President doesn't micro-manage this stuff (0)

Anonymous Coward | about 6 months ago | (#46740727)

The right to not have everything you say and do pervasively surveilled and logged on an government system for at-will inspection by the military and federal police? That sure as fuck is a basic human right.

Information (0)

Anonymous Coward | about 6 months ago | (#46739337)

That statement may or may not contain any useful information whatsoever.

If you trust the word of the NSA (5, Insightful)

kruach aum (1934852) | about 6 months ago | (#46739345)

you're a moron. Don't trust liars who have been proven to lie and then continue lying. In fact you probably shouldn't trust liars in general.

Re:If you trust the word of the NSA (0)

Anonymous Coward | about 6 months ago | (#46739629)

If you think the NSA is evil, just get a load of what little johnny is going to do with heartbleed.
You think the NSA considers you a "high value target"?
Little johnny does. And he doesn't have to waste time issuing press releases.
Little johnny ownzu linux dixheds.

Re:If you trust the word of the NSA (1)

Anonymous Coward | about 6 months ago | (#46739927)

Since 9/11, everyone is a target of the NSA. If there is any information the NSA can collect on you, they will collect it and store it away forever on the off chance they may have to use it against you someday. Why, because they can. As far as they are concerned we all are equally likely to become future terrorists and threats to corporate interests and the government, so omnipresent mass surveillance on every human being on the planet is perfectly justifiable.

Does Obama really have anything to do with it? (1)

damn_registrars (1103043) | about 6 months ago | (#46739367)

Does the NSA really ask the President's permission to exploit any given loopholes in their work? If the President had to authorize all their auctions than this would seem to be both rather damning for the president and a bit of a waste of his time.

Re:Does Obama really have anything to do with it? (0)

Anonymous Coward | about 6 months ago | (#46739395)

No, they don't ask permission.

But I'm sure if a republican were in office, you can be damn sure that people would say the answer is Yes.

Re:Does Obama really have anything to do with it? (0)

Anonymous Coward | about 6 months ago | (#46740303)

Does the NSA really ask the President's permission to exploit any given loopholes in their work?

Obama has the authority to tell them what to do or not to do; he's head of the executive branch, that's in fact his primary job.

What's not his job is to push through new laws, like ACA, or underrmine the express will of Congress; perhaps if he wasted less time on things he shouldn't do and spent more on things he should, he'd actually be able to control the NSA.

Missaligned goals (0)

Anonymous Coward | about 6 months ago | (#46739405)

This is a clear indication that the government's and therefore NSA's security concerns are absolutely misaligned with the interest of the population. They seem to serve imperialist ambitions. An indicator of concern for citizen's security would be to report such a vulnerability immediately and helping prevent the exploitation of such bugs by cyber criminals. That would be in the interest of national and international security.

Should always be reported (3, Interesting)

medv4380 (1604309) | about 6 months ago | (#46739407)

The problem with saying "unless 'a clear national security or law enforcement need' exists" is that it actually compromises national security. What is more important. That you can easily hack in and skill data from the KGB, or some mafia site; or that every last American Citizen can be hacked by the KGB, or mafia? Keeping a bug like heartbleed a secret is something only an idiot or black hat would do. If the NSA knew of heartbleed early, and kept it a secret they are arrogant idiots. They ether wanted criminals to have free rain to steal anything they wanted, or they believed that criminals are too stupid to have found this bug.

Re:Should always be reported (1)

CrimsonAvenger (580665) | about 6 months ago | (#46739525)

hack in and skill data

Okay, I have to ask...

It is fairly obvious from the remainder of the post that the author is American. It looks like he/she/it was trying to say "hack in and steal data", but generally when words are mispelled, they're mispelled based on similar sounds. So what dialect has "steal" and "skill" sounding alike?

Seriously curious, since I thought that I knew most major dialects, and don't recall one that would pronounce the "ea" in "steal" like the "i" in "skill".

Re:Should always be reported (0)

Anonymous Coward | about 6 months ago | (#46739585)

It's unthinkable that a majority of people do their internet comment reading from phones. Swype style text entry likes to make its own assumptions about what you entered.

Re:Should always be reported (1)

medv4380 (1604309) | about 6 months ago | (#46740011)

Typo from a lack of coffee first thing on a Sunday Morning. With a pretty stressful weekend too.

Re:Should always be reported (0)

Anonymous Coward | about 6 months ago | (#46739701)

KGB? Under what rock have you been living under this past two decades? FYI the KGB died along with the Soviet Union. Now I'm not amazed that there are still NSA boosters in Slashdot.

Re:Should always be reported (0)

Anonymous Coward | about 6 months ago | (#46740029)

The rock where the KGB currently rules Russia.

This is funny (0)

Anonymous Coward | about 6 months ago | (#46739475)

As if anyone cares about his opinion. Silly Mr. Obama LOL

Old habits die hard (1)

Begemot (38841) | about 6 months ago | (#46739481)

The enemies will exploit it, so they can't afford being not competitive. Surely they will exploit everything they can and let the bullshit art masters cover up. That's how they're trained to think and old habits die hard.

Makes sense (1)

Pop69 (700500) | about 6 months ago | (#46739485)

Why would you want to tell the opposition what your plans are, that would be really stupid

Obama could issue an Executive Order (5, Insightful)

PeeAitchPee (712652) | about 6 months ago | (#46739489)

The NSA is part of the Executive Branch. Obama could immediately, at the very least, put a temporary halt on all of these types of activities and conduct a review gauging the potential impact on ordinary US citizens as collateral damage. He has done no such thing -- not with mass surveillance, not with HeartBleed, not with any of the other nasty shit disclosed in the Snowden leaks. Don't DARE give him a pass on anything NSA-related -- he doesn't need Congress in this case and can personally shut it all down at any time.

Re:Obama could issue an Executive Order (0)

Anonymous Coward | about 6 months ago | (#46739873)

Yea vote republican, those guys will respect the rights of the people! /s

Re:Obama could issue an Executive Order (0)

Anonymous Coward | about 6 months ago | (#46740483)

Yea vote republican, those guys will respect the rights of the people! /s

At least they claim to support limiting the revenue that the ravenous beast called the US government feeds on.

Probably never occurred to you that a government as big as the one the US now has is literally out of control and the only way to get it under control is to make it smaller.

So if rights are really that important to you, you'd never vote for any politician who wants to do any sort of tax increase - no matter how it's sweetened with words of "fairness" or "investment in our future" - or any other meaningless buzzword.

Re:Obama could issue an Executive Order (0)

Anonymous Coward | about 6 months ago | (#46740611)

I think the point is, it doesn't matter what party you vote for - they're all corrupt, and we shouldn't let them get away with it.

Re:Obama could issue an Executive Order (1)

grep -v '.*' * (780312) | about 6 months ago | (#46740441)

?? Confused here ... so are you saying that you HOPE he CHANGES?

That being said, he's "at the mercy" of what his managers tell him. I'm sure news is filtered every which way but loose and that he's told "ignore the TV", as those guys only reflect some public opinion, and they don't have all of the facts anyway.

After all, we know he's proficient in technically matters [baltimoresun.com] , so I'm sure that him deep understanding the NSA technical functions is just obvious [xkcd.com] .

Re:Obama could issue an Executive Order (1)

flyingfsck (986395) | about 6 months ago | (#46740635)

No, Ohbumma can't do squat, due to the large file the NSA has on him.

Re:Obama could issue an Executive Order (0)

Anonymous Coward | about 6 months ago | (#46740847)

Oh please. The public already knows about him smoking, the paperwork he lied on to get into Harvard, the communist who paid his tuition, and gay sex with his limo driver in Chicago, and guess what? We don't care. He is such a great leader that we are willing to let those things pass. There is nothing that they can do tht can hurt him.

The problem is with Bush. He created a system that the President can't undo without Congress's help. Since the Congress is ruled by the Tea Baggers now, he can't put a stop to it.

cow jumped over the moon defense still best (0)

Anonymous Coward | about 6 months ago | (#46739495)

who knew or even cares about our imaginary secrets

Cool story bro (1)

mansie (1601275) | about 6 months ago | (#46739523)

"We knew about this since day one, heck we ordered, executed and implement.. I mean... we may or may not exploit the next one we produ.. I mean the next one."

Doesn't this reek of abuse under the CFAA? (0)

Anonymous Coward | about 6 months ago | (#46739545)

Am I the only one that thinks the government should have to follow the same laws the rest of us are expected to?

They go after and prosecute people for doing the very same things as this talks about. Exploiting a bug in software is one of the primary infractions under the CFAA, yes the government uses them as tools, claiming Law Enforcement need, where anyone else would be prosecuted to the full extent of the law, and thrown in jail for 1/2 their lives.

Isn't it time we hold those in power to the same standards that we ourselves are held to? Isn't it time that the law pertains to everyone, instead of excluding those who write and enforce the laws? No one is above the law, we as citizens shouldn't stand for this. Isn't it time yet?

Cuba, USA and North Korea (0)

Anonymous Coward | about 6 months ago | (#46739553)

Nothing new in communist regimes USA or North Korea. There is always "national security need" Just look at streets of US cities. No other country has so many security forces present working for the regime. Those commies countries are disgusting.

yeah right (1)

sribe (304414) | about 6 months ago | (#46739729)

Like he really has any control over what they do anymore...

Murica! Freedom!! (1)

ze_jua (910531) | about 6 months ago | (#46739791)

You Americans are so lucky. Of course they will do this! to defend your freedom!!! :-)

misaligned goals (1)

amerello (2950699) | about 6 months ago | (#46739825)

This is a clear indication that the government's and NSA's security concerns are absolutely misaligned with the interest of the population. They seem to serve imperialist ambitions. An indicator of concern for citizen's security would be to report such a vulnerability immediately and helping prevent the exploitation of the bugs by cyber criminals. That would be in the interest of national and international security.

At last a politician who speaks the truth. (1)

hey! (33014) | about 6 months ago | (#46739831)

He MIGHT let the NSA do it, OR he MIGHT NOT. That's a credible a statement as anyone could make.

That's news? (1)

amightywind (691887) | about 6 months ago | (#46739895)

Obama is straddling an issue. That's news?

pure garbage (1)

Anonymous Coward | about 6 months ago | (#46739913)

What a useless president. Spineless, cowardly, completely incompetent. Has he ever disciplined anyone? Either that or he's degenerated into a true puppet. How can he live with himself?

Gotta wonder (0)

Anonymous Coward | about 6 months ago | (#46739941)

I have to wonder exactly what the NSA has on President Obama that they can get him to dance to their tune so well... This has been going on since as US Senator for Illinois he switched his support against the FISA act to pro-FISA... It really pissed me off! It was obvious to me at the time that he had been compromised, and I said as much! :-(

What "let"? (1)

Chas (5144) | about 6 months ago | (#46740007)

Obama isn't in a position to "let" or "prohibit" SHIT (even his own).

He's a fucking douchebag, Chicago Machine politician.

He has no opinions or even feelings outside of what his little cabal of "advisors" tell him he does.

He's also in NO position to dictate to the NSA what they will or will not do with an undiscovered bug in a security device/program.

The NSA damn well WILL use it, and so long as nobody leaks it to THE PUBLIC, it's "See No Evil, Hear No Evil, Speak No Evil" from the rest of the government.

Even if Obama were to, God forbid, try something PROACTIVE, they'd still just ignore it and sacrifice yet another desk jockey stooge once caught.

Re:What "let"? (1)

bytesex (112972) | about 6 months ago | (#46740547)

They will also be held accountable, at least internally, if, when it becomes known, and subsequently there is damage to the interests of the US. So in spite of your rhetoric, it's always a gamble. And I think in this particular case, we have reason to believe the man: the damage would have been potentially too great. And there is, in this particular case, seemingly no real reason to lie.

Re:What "let"? (1)

Chas (5144) | about 6 months ago | (#46740925)

Accountable?

The US Government?

Pfft!

I'll believe that shit when I start seeing it.

I hesitate to label them crooks, because crooks couldn't get away with the shit our government does.

Not to mention that crooks are more careful with money than the US government EVER was.

So they are collaborating with the bad guys... (1)

gweihir (88907) | about 6 months ago | (#46740067)

Why? Simple: If they let this type of vulnerability exits unpatched, they are collaborating with criminals, foreign (and often hostile) intelligence services and terrorists by standing idle buy. That puts them straight in the "bad guys" class and, by any sane account, represents high treason. It is a bit like leaving the border open in order to see who brings anthrax, nuclear material or bombs over it.

In addition, they are increasing the level of uncertainty and trust for everybody, thereby aiding terrorists of all sorts that have exactly this same goal, namely destabilizing society.

It really does not get more evil than that, except actively creating vulnerabilities that everybody can find and exploit. Oh, wait, they may be doing that as well...

um... (0)

Anonymous Coward | about 6 months ago | (#46740163)

So terrorists = bad but knowing about a exploit and staying quiet about it even though the results of staying quiet could be pretty damaging to not just our economy but the global economy as well is acceptable? I feel so much safer!

In the name of national security, (0)

Anonymous Coward | about 6 months ago | (#46740223)

the answer will always be YES.

POLITICS will cause the next dark age (1)

kheldan (1460303) | about 6 months ago | (#46740237)

For a long time now I've thought that religion will cause the next Dark Age of Man, through promoting willful ignorance, superstition, and blind "faith", instead of promoting knowledge, understanding, and the search for actual truth. Apparently I was wrong, or at least not completely correct: Politicians and politics will bring about the next Dark Age, by driving people away from the Internet through mass surveillance, and runaway corporate interests destroying Net Neutrality. Once the Internet is no longer a viable source of sharing information for the common citizen, it won't be much farther to go to drive people, en masse, back into the welcoming arms of organized religion and it's rejection of critical thought.

I'm embarassed to have voted for this party-line politician we elected as President, but frankly the other choice would have been at least as bad. Why don't you just declare the Constitution invalid and the U.S. officially a Police State already and get it over with?

how unusually honest (0)

Anonymous Coward | about 6 months ago | (#46740267)

That's a degree of honesty we aren't used to from President Obama. His usual response would be to say that he will do the right thing, then secretly do the wrong thing, and when found out, claim that he learned about everything on TV the night before.

I guess Obama must be getting slightly more honest about how he's going to screw people because he doesn't have to give a f*ck anymore about getting reelected and because this admission doesn't hurt his billionaire financial backers.

"Hedging," or just an honest appraisal? (0)

Anonymous Coward | about 6 months ago | (#46740269)

Are you saying there is no circumstance - none whatsoever - worth considering where a security flaw in software would be better for society to not reveal (at least temporarily) than to reveal immediately? That's a rather dogmatic position.

If the NSA were actually about National Security.. (2)

jtara (133429) | about 6 months ago | (#46740363)

If the "primary directive" of the NSA were actually National Security (rather than spying) what they should do would be obvious.

In the interest of national security, should the NSA discover such an exploit, they should quietly work with public and private organizations to get as much of the infrastructure fixed before the exploit becomes generally known.

Instead, though, what we have is that the NSA has likely had free access. Along with the rest of the world's spy agencies. And hackers and crime networks. That doesn't foster national security, IMO.

national security (1)

drolli (522659) | about 6 months ago | (#46740405)

The national security interest would be to patch the hole, not to leave it open. This hole was to easy to exploit, and supposedly enabled identity theft on a massive scale, even to vastly infereior intelligence services.

The comparison with the centrifuges in Iran is misleading. for that combination of attacks it is very hard even to find suitable experts to generate the code.

Noncommittal (0)

Anonymous Coward | about 6 months ago | (#46740775)

Is Obama actually capable of making a decision? There will ALWAYS be a "justifiable" national security "need" to spy on the entire country. Why can't he just be honest and state it as it is?

Let's keep it simple (2)

Trashcan Romeo (2675341) | about 6 months ago | (#46741345)

The US government has the ability to spy on every electronic communication you make, it has been exploiting that ability to the fullest for many years now, and it will continue to do so forevermore. It will do so for the sole purpose of increasing its own power. If put to the inconvenience, it will lie to your face about it. This state of affairs will prevail regardless of which branch of the Money Party is in power. And there isn't thing one you can do about it.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?