The worst thing is, this vulnerability was wide open for two years, and prior to this week's patches being installed, exploits of it left no trace in a server's logs. Nobody knows what or how much confidential data has been stolen already, or by whom. I can't recall another online security threat that was this alarming.
I can, and we have a certain Edward Snowden to thank for exposing it (!). Compared to the implications and worldwide abuse of that threat, this heartbleed bug seems harmless really. At least it has a solution. In my estimation, that makes three things you don't understand. But we've always disagreed about various things and I don't plan to bicker.
Well, the three things you implied are:
- that the NSA's data mining project was a bigger threat to us (as opposed to terrorists) than heartbleed is.
- that Snowden did a good thing. He actually handed over a vast amount of our Defense and national security info to Russia-- vital materials having nothing to do with the lofty goal of securing our privacy and everything to do with giving advantage to Vladimir Putin in any conflicts that might arise.
- that heartbleed is no big deal. The big deal is that nobody knows what data has been stolen over the past two years, or by whom. And this involves two-thirds of all the servers on the Internet.

And as I implied before, I don't think we'll end up agreeing.
Posted: Apr 11, 2014 - 4:45 AM
By: Francis (Member)
Well, the three things you implied are:
- that the NSA's data mining project was a bigger threat to us (as opposed to terrorists) than heartbleed is.
- that Snowden did a good thing. He actually handed over a vast amount of our Defense and national security info to Russia-- vital materials having nothing to do with the lofty goal of securing our privacy and everything to do with giving advantage to Vladimir Putin in any conflicts that might arise.
- that heartbleed is no big deal. The big deal is that nobody knows what data has been stolen over the past two years, or by whom. And this involves two-thirds of all the servers on the Internet.

And as I implied before, I don't think we'll end up agreeing.

Well I respect this post a lot more than your previous one. Heartbleed will be fixed, the problem is known and the companies who use the OpenSSL version that contains the bug will simply make the adjustments to make the system less vulnerable. The abuse of the bug is also limited in that it only allows for getting people's credentials and impersonating them or try to scheme them, same old really as this type of cybercrime has been going on for quite some time and will continue in other forms.

The NSA data mining project and PRISM however goes a lot further and is more aggressive in its intent and scope, not just storing your data but also linking your presence on the internet and whereabouts, banking activity etc. We're not talking about someone who steals your username and passwords, or reads your mails, no we are talking about someone who will look for every bit of information about you (including camera and phone recordings) and link it all together.

The fact that this is orchestrated by a government in secrecy is unacceptable and no threat of terrorism IMO allows for someone invading the privacy of civilians (with the exception of probable cause and in such a case with the cooperation of the providers, not behind their backs), let alone the privacy of leaders of friendly countries. It also creates an advantage as it is prone to being abused for own political and financial gain. Whereas someone exploiting the heartbleed bug, I doubt such a person has an empire to run!

In regards to Snowden, he shouldn't have been in Russia in the first place, but given how whistleblowers are treated in the US, he had little choice. I very much doubt that his intel is of any worth to Putin, his being there however is as it shames the US. He is just being drummed up to be a Russian defector as to not have to face what this man truly did, expose the big brother mentality that can't be fixed like a simple software bug.

You say the big deal is that nobody knows what data has been stolen over the past two years, or by whom. And this involves two-thirds of all the servers on the Internet. What we do know is that the NSA has been doing just this systematically for who knows how long, I'm willing to bet it's a lot longer than two years. And not just the NSA, I'm not ignorant that it ends there. We can both differ on what is more harmful, but I'm merely pointing out that one is a system flaw that was not intended (I surely hope not), the other is intended and as such to me a hell of a lot more worrisome than some hackers out to make a buck.