tg-me.com/librecryptography/279
Last Update:
The obvious stupidity in this policy is:
1. The idea that the NSA possesses such an inherent (and permanent) advantage vs. all others on planet earth that there could exist vulnerabilities / exploits that only it could exploit (and nobody else; American hubris at its finest possibly)
2. The idea that there are no 'double agents', 'spies' (etc.) that are embedded within the relevant intelligence agencies dealing with these secrets.
3. The failure to put a 'cap' or timestamped limit for when the vulnerability will be patched. For example, perhaps they find a vulnerability that they consider to be NOBUS in 2011, and decide to leave that exploit unpatched - when does it become patched? Surely, the NSA cannot have believed that they stumbled across exploits that nobody would ever be able to exploit at any point in time - either then or in the future, right?
4. The NSA has frequently made purchases of certain exploits on the 'grey market' from various vendors. To leave those exploits unpatched exhibits stupidity in its rawest form because, by virtue of the fact that there exists a 3rd-party vendor with the ability to find certain zero-day vulnerabilities in software (among other things), means that the assumption should be that there exists 3rd-parties (in general), with the capability to find the same bugs / exploits and leverage them by passing that information on to their respective intelligence unit(s).
This policy of 'NOBUS' has resulted in tens of millions of Americans becoming the victim of various data breaches, hacks, ransomware etc.
BY LibreCryptography
Warning: Undefined variable $i in /var/www/tg-me/post.php on line 283
Share with your friend now:
tg-me.com/librecryptography/279