<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, без засечек;font-size:10pt"><br>Is it really so egregious? I'll let you be the judge! <br><br><div>1. <a href="http://www.c-span.org/video/?c4486712/sen-feinstein-accuses-cia-searching-congressional-computers" target="_blank">http://www.c-span.org/video/?<wbr>c4486712/sen-<span class="il">feinstein</span>-<wbr>accuses-cia-searching-<wbr>congressional-computers</a><br>
</div><div>2. <a href="http://www.c-span.org/video/?c4486741/dianne-feinstein-cia-separation-powers" target="_blank">http://www.c-span.org/video/?<wbr>c4486741/<span class="il">dianne</span>-<span class="il">feinstein</span>-cia-<wbr>separation-powers</a><br></div>3. <a href="http://www.c-span.org/video/?318232-5/sen-feinstein-alleges-improper-cia-search-congressional-computers" target="_blank">http://www.c-span.org/video/?<wbr>318232-5/sen-<span class="il">feinstein</span>-<wbr>alleges-improper-cia-search-<wbr>congressional-computers</a><br><div><br></div>  <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, без засечек; font-size: 10pt;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, без засечек; font-size: 12pt;"> <div dir="ltr"> <hr size="1">  <font face="Arial" size="2"> <b><span style="font-weight:bold;">От:</span></b> Delton Barnes
 <delton.barnes@mail.ru><br> <b><span style="font-weight: bold;">Кому:</span></b> tor-relays@lists.torproject.org <br> <b><span style="font-weight: bold;">Отправлено:</span></b> суббота, 12 апреля 2014 13:45<br> <b><span style="font-weight: bold;">Тема:</span></b> Re: [tor-relays] NSA knew about Heartbleed<br> </font> </div> <div class="y_msg_container"><br>Jesse Victors:<br clear="none">> "The U.S. National Security Agency knew for at least two years about a<br clear="none">> flaw in the way that many websites send sensitive information, now<br clear="none">> dubbed the Heartbleed bug, and regularly used it to gather critical<br clear="none">> intelligence, two people familiar with the matter said. The NSA said in<br clear="none">> response to a Bloomberg News article that it wasn?t aware of Heartbleed<br clear="none">> until the vulnerability was made public by a private security report.<br
 clear="none">> The agency?s reported decision to keep the bug secret in pursuit of<br clear="none">> national security interests threatens to renew the rancorous debate over<br clear="none">> the role of the government?s top computer experts."<br clear="none"><br clear="none">I'm skeptical of this report.  The Office of the Director of National<br clear="none">Intelligence responded to the story by saying:<br clear="none"><br clear="none">"Reports that NSA or any other part of the government were aware of the<br clear="none">so-called Heartbleed vulnerability before 2014 are wrong"<br clear="none"><br clear="none">This is believable because if it were a lie, they would risk an outright<br clear="none">contradiction from a leak or Snowden document, which would further<br clear="none">damage their already terrible credibility and reputation.<br clear="none"><br clear="none">"Two sources familiar with matter" could merely be two computer
 security<br clear="none">experts who have an unsubstantiated opinion that the NSA was exploiting<br clear="none">this beforehand.  We have no idea how credible these sources are.<br clear="none"><br clear="none">One thing I am sure of is this generated a lot of clicks for Bloomberg.<br clear="none"> NSA rumors involving hot technology topics seems like a good way to<br clear="none">make money for a news website.<br clear="none"><br clear="none">That said, if you carefully parse the statement from DNI, it seems to me<br clear="none">to imply they were aware of the Heartbleed vulnerability in 2014.  Why<br clear="none">would they say "before 2014" instead of "before its disclosure Monday"<br clear="none">or something?  They may have known about it weeks or months in advance,<br clear="none">and been exploiting it or patching their systems.  But that is not as<br clear="none">egregious as it would be to conceal this flaw for years.<br
 clear="none"><br clear="none">Delton<div class="yqt5326135445" id="yqtfd31814"><br clear="none">_______________________________________________<br clear="none">tor-relays mailing list<br clear="none"><a shape="rect" ymailto="mailto:tor-relays@lists.torproject.org" href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.org</a><br clear="none"><a shape="rect" href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a><br clear="none"></div><br><br></div> </div> </div>  </div></body></html>