Oftentimes, a good defense is the best defense.
NSA (**N**ot **S**ecuring **A**merica)
Sure they intentionally weakened security everywhere, and that was bad, but that is the least of their mistakes.
They also gathered all our sensitive information into one place and then did a horrible job protecting it. If regular level operators such as Snowden could access whatever he wanted and walk away with the amount that he did, just imagine how much sensitive information nefarious double agents got their hands on during the same time.
In any government organization the size of the NSA it is a statistical certainty that a certain number of people inside the organization could be bought or pressured into stealing information, and their internal security was a joke, which is why they got caught with their pants down in the first place. That is the truly terrifying aspect that is never discussed.
That article needed some serious editing. Still trying to figure out what Schneier is talking about here,
> When someone discovers one, he can either use it for defense or for offense. Defense means alerting the vendor and getting it patched. Lots of vulnerabilities are discovered by the vendors themselves and patched without any fanfare. Others are discovered by researchers and hackers. A patch doesn’t make the vulnerability go away, but most users protect themselves by patching their systems regularly.
A patch "doesn't make a vulnerability go away"? So when I patched my server against Heartbleed it was still vulnerable to Heartbleed since patches don't make vulnerabilities go away? So vendors just issue patches because programmers need work?
Should we notify The Atlantic, or just keep it amongst ourselves?
Just because you patched your server doesn't mean everyone else did. There are many servers still vulnerable to Heartbleed, but now everyone knows about it.