tdubz


Registered: 02/26/12
Posts: 5,586
NSA denies ‘Raiders of the Lost Ark' stockpile of security vulnerabilities
    #23517739 - 08/07/16 03:34 AM (7 years, 5 months ago)

https://www.theguardian.com/technology/2016/aug/06/nsa-zero-days-stockpile-security-vulnerability-defcon

Quote:



America’s National Security Agency (NSA) spends upwards of $25m in a year buying previously undisclosed security vulnerabilities – known as zero days, because that’s the length of time the target has had to fix them – but the large investment may not result in as much of a collection of hacking capabilities as is widely assumed.
Jason Healey, a senior research scholar at Columbia University and director at the Atlantic Council policy thinktank, argues that the true number of zero days stockpiled by the NSA is likely in the “dozens”, and that the agency only adds to that amount by a very small amount each year. “Right now it looks like single digits,” he says, adding that he has “high confidence in this assessment.”
Healey presented the research at the Defcon hacking conference in Las Vegas to a packed crowd on the opening day of the event. “I don’t know if we’ve got the right answer, but we’ve tried to run down every line of evidence that we can.”

The question of quite how many unpatched, undisclosed vulnerabilities the NSA has stockpiled cuts to the heart of a long-running concern the information security community has about the agency’s so-called “dual mandate”: it is in charge of procuring intelligence about the actions of America’s enemies, a goal it often pursues through targeted hacking attacks, which are made easier by having knowledge of useful zero days, but at the same time, it is in charge of protecting the information security of the nation, a role which naturally entails warning vendors about unpatched security vulnerabilities it discovers.
NSA claims it discloses 91% of vulnerabilities to vendors
The same tension exists within the wider American government, Healey says. “You see this tension between these agencies, and the government is certainly not of one mind on this … Until 2010 it doesn’t seem like there was a government-wide policy to handle this.”
Before beginning his talk, Healey asked the audience how many vulnerabilities they thought the NSA had stockpiled: hundreds, thousands, more than thousands or less than hundreds. The straw poll showed roughly even numbers guessing each possibility, something that underscores how little trust there is among hackers at large that the NSA will do the “right thing” when it has knowledge of critical bugs.
While emphasising that the closed nature of the NSA makes it hard to state anything categorically, Healey argues that all the available evidence supports the case that the agency actually has much less than the hundreds or thousands of vulnerabilities some in the audience thought it might.
One key piece of evidence comes from the NSA itself, which in 2015 claimed that 91% of vulnerabilities it procured were eventually disclosed to the vendors whose products were at risk. Of the other 9%, at least some of those weren’t disclosed because they were fixed before they could be, the agency adds.
Similarly, the White House has revealed that in one year since the current disclosure policy was implemented, it reviewed about 100 software vulnerabilities discovered by the NSA to determine if they should be disclosed, and “kept only about two”. Healey adds that in the autumn of 2014, he was personally told that every single vulnerability which had come up for review had been disclosed.
‘We don’t have a stockpile of zero days’
Aside from anything else, the figures fit with the comparatively low number of zero days found used in the wild in general. According to security researchers Symantec, just 54 were found through the whole of 2015, “so single digits sounds reasonable”.
Healey also cites Michael Daniel, a special assistant to the president and the US’s cybersecurity coordinator, to support the claim: “The idea that we have these vast stockpiles of vulnerabilities stored up – you know, Raiders of the Lost Ark-style – is just not accurate,” Daniel has said.
The figures don’t include the actions of other agencies, though. As the war between Apple and the FBI revealed, conventional law enforcement bodies also have an interest in securing unpatched vulnerabilities. When the FBI eventually bought one such zero day to break into the iPhone 5 at the heart of its fight with Apple – for a reported $1m – it managed to avoid government regulations about zero day disclosure by arguing that it only bought the use of a tool, not the zero day itself. “To me,” Healey said, “it seems to contravene pretty direct presidential guidance.”
Similarly, they don’t include the actions of other governments. Around 30 are known to stockpile their own vulnerabilities, but only one – Britain’s GCHQ – is anywhere approaching public about their activities. GCHQ announced disclosure of 20 zero days last year.
Healey closed with a plea to governments and to the hacker attendees of the conference: “Normally in warfare if one side disarms themselves all they’ve done is disarm themselves. This is the one area where you can disarm governments, because once that information goes to a vendor, everyone is disarmed.”




tdubz


Registered: 02/26/12
Posts: 5,586
Re: NSA denies ‘Raiders of the Lost Ark' stockpile of security vulnerabilities [Re: tdubz]
    #23517751 - 08/07/16 03:43 AM (7 years, 5 months ago)

Interesting article, but I do believe the NSA TAO lead officer himself has said that they don't need zero days to hack into a computer, or trojans, worms, viruses... you simply just need to be connected to the internet, that is all, with everything updated to the newest releases, including everything from your antivirus software to your Windows. If the governments really wanted the data on your computer, you don't even need to be on the internet.


Edited by tdubz (08/10/16 01:59 AM)


Eywa_devotee
Goddess Worshiper

Registered: 10/04/10
Posts: 1,088
Loc: State of Confusion, Arkan... Flag
Last seen: 3 years, 7 months
Re: NSA denies ‘Raiders of the Lost Ark' stockpile of security vulnerabilities [Re: tdubz]
    #23529492 - 08/10/16 08:18 PM (7 years, 5 months ago)

All this secrecy stuff will become a joke once somebody discovers how to make quantum computing practical and cheap. Whoever does this will also attain godlike status as well, regardless of geopolitical positioning.

FWIW, the first thing your data is routed through before you truly get access to the internet is the metadata information and routing servers at Langley. If they find something they like, they send it to the Utah data analysis center. The NSA has a backdoor access key for all Windows operating systems from 95 up to expedite this if need be. The last one that allowed easily closing the back door was XP. Windows 10 is the worst. Has a lot of features that give them a lot of info that you willingly share, but if directly asked would probably say hell no! Fortunately or unfortunately, depending on your view, the sheer nature of this task makes it difficult to separate the signal from the noise.

With a quantum computer it would take but a few seconds to decrypt even the most secure encryption on the planet and analyze any complex data into whatever format you wish for whatever purpose you wish almost as fast.


--------------------
"Love one another." "To Love is to know me." "Love is the Law, Love under Will." "In Compassion, all sorrows end." Regardless of the Master, the message is the same- Choose love and you shall live, Choose Fear and you shall die. Help bring peace to this Earth: Love one another, and serve others before yourself.


tdubz


Registered: 02/26/12
Posts: 5,586
Re: NSA denies ‘Raiders of the Lost Ark' stockpile of security vulnerabilities [Re: Eywa_devotee]
    #23530190 - 08/11/16 03:41 AM (7 years, 5 months ago)

Yeah, I know and agree with everything you are saying, and yeah, I have made several posts about quantum computing, which is now a reality through NASA with the D-Wave. I'm sure the NSA already has a beefed up version of it. The computer is there now, it's just a matter of getting the instruction set to work correctly, but I agree quantum computing is the future of pretty much everything, including cryptology.

