Roger Dingledine arma@mit.edu wrote:
> On Sat, Apr 12, 2014 at 08:45:23PM +0000, Delton Barnes wrote:
> > "Two sources familiar with matter" could merely be two computer security experts who have an unsubstantiated opinion that the NSA was exploiting this beforehand. We have no idea how credible these sources are.
>
> I agree.
>
> I'm assuming that particular article is nonsense until somebody shows up with some actual details. I guess it's hot to point at NSA conspiracies these days. But doing it in this case undermines the *actual* NSA conspiracies that we should indeed be upset about.

Roger, I'll grant you that the article remains unproven. However, any claims made by NSC or NSA spokespersons also remain not credible by default without sufficient, verifiable proof ever since both Clapper and Alexander committed the felonies of perjury under oath on high-fidelity audio and video, still available for public viewing from the C-SPAN web site AFAIK, especially given that nary a hint of either an inquiry of impeachment or a criminal investigation for either perp has been detected to date. When the members of the nobility know that they remain untouchable for crimes they commit, why should their underlings following their orders be thought to be acting any differently or with any less impunity? The starting position under such circumstances should be that if those people say anything at all that they are lying or attempting to mislead. Sufficient, verifiable proof must be provided to counter that initial presumption. In contrast, the initial presumptions regarding the journalists, while waiting for evidence, might properly be correlated with the past performance of the same journalists w.r.t. accuracy of claims made.

> Maybe there *is* yet another NSA conspiracy here, but I don't believe in one any more after reading the article than before it.
>
> > That said, if you carefully parse the statement from DNI, it seems to me to imply they were aware of the Heartbleed vulnerability in 2014. Why would they say "before 2014" instead of "before its disclosure Monday" or something?
>
> Careful here -- the article is selectively quoting, maybe to stir things up more. The actual phrase from the DNI denial is "before April 2014".
>
> In any case, the conclusion ("oh crap, upgrade and throw out your old keys") is still accurate.

I concur completely. BTW, so far I'm seeing only a slight dip in the number of relays assigned the "Named" flag, which suggests to me that not many relay operators have changed signing keys yet.

Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at sdf.org *or* bennett at freeshell.org         *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
* -- Gov. John Hancock, New York Journal, 28 January 1790            *
**********************************************************************