undefined | Better HN

0 pointsreissbaker4y ago0 comments

"Using an 0day" is carrying a lot of weight there. The Snowden leaks revealed active hacking of American private citizens and companies, e.g. tapping Google's dark fiber lines, intentionally inserting cryptographic vulnerabilities into the Linux kernel, social engineering to end up with control of security standards bodies, etc.

In my opinion, it doesn't matter whether the country used an 0day or not when it's willing to actively, warrantlessly wiretap its citizens en masse. And the fact that the NSA is at this point known to have spent enormous money and effort to insert NSA-designed vulnerabilities into commonly-used cryptographic systems means it's pretty hard to believe it didn't use them — and if that's not an "0day," what is?

Source: https://www.theguardian.com/world/2013/sep/05/nsa-gchq-encry...

A key quote, among many:

"Independent security experts have long suspected that the NSA has been introducing weaknesses into security standards, a fact confirmed for the first time by another secret document. It shows the agency worked covertly to get its own version of a draft security standard issued by the US National Institute of Standards and Technology approved for worldwide use in 2006.

"Eventually, NSA became the sole editor," the document states."

0 comments

staticassertion4y ago

AFAIK there were warrants for what the NSA was doing, it's just that those warrants were through a very sketchy, private court.

j / k navigate · click thread line to collapse