
A Look at the NSA's Most Powerful Internet Attack Tool 154

realized writes in with a closer look at the NSA's QUANTUM system. "Today QUANTUM packs a suite of attack tools, including both DNS injection (upgrading the man-on-the-side to a man-in-the-middle, allowing bogus certificates and similar routines to break SSL) and HTTP injection. That's reasonable enough. But it also includes gadgets like a plug-in to inject into MySQL connections, allowing the NSA to quietly mess with the contents of a third-party's database. (This also surprisingly suggests that unencrypted MySQL on the internet is common enough to attract NSA attention.) And it allows the NSA to hijack both IRC and HTTP-based criminal botnets, and also includes routines which use packet-injection to create phantom servers, and even attempting (poorly) to use this for defense."
  • I wonder (Score:5, Insightful)

    by Anonymous Coward on Thursday March 13, 2014 @10:26PM (#46479559)

    All these software engineers that work for NSA/gov, do they have any fucking morals? Do they really believe they are securing the world from the evil guys? Are they kept at gunpoint? Are they just plain stupid? Failing to realize that we, the makers, have all the power is the worst mistake. Plant secret backdoors, failure modes, weaknesses. Be in charge. You don't owe anything to these black suits. Wake fucking up.

  • wishful thinking (Score:5, Insightful)

    by Patent Lover ( 779809 ) on Thursday March 13, 2014 @10:27PM (#46479567)
    Now if they would just use it to actually stop botnets.
  • Re:I wonder (Score:4, Insightful)

    by epyT-R ( 613989 ) on Thursday March 13, 2014 @10:30PM (#46479575)

    It probably pays well.

  • by epyT-R ( 613989 ) on Thursday March 13, 2014 @10:52PM (#46479671)

    You know, one of these days, you will be the one arrested and thrown in prison without due process for 'terroristic acts', or some other set of stacked charges that cannot be challenged in court because they're matters of 'national security'. It's people like you that allow wannabe tyrants to bypass civil liberties and seize power in the first place. It is a known fact that the feds are breaking the law to pursue their own political or financial agendas. While it is true that the NSA/CIA were chartered to monitor foreign governments, what they've been up to since then has obviously come up short of expectation. They need reining in and refocusing. Heads need to roll.

    Governments are only ineffective at the things they promised but aren't in the best interests of the high level bureaucrats. Governments are scarily effective at doing whatever it is those in power really want to do. After all, all an employer can do is fire you, but a government can throw you in a box and toss the key.

    I fear the federal government more than some 13th century thugs from the Middle East. Groupthink is the most powerful religion in existence. Bin Laden's goal was to get us to do his work for him, to destroy ourselves from within. So far, he's won every battle.

  • Re:I wonder (Score:2, Insightful)

    by Anonymous Coward on Friday March 14, 2014 @12:15AM (#46479963)

    What's this 'faith' nonsense you're on about?

    50 years and he still didn't realise what he was believing in --> a fool.

    Also, why aren't you respecting my belief / perspective that 'faithers' are just fools to be laughed at? Maybe it's you who needs to grow up.

  • by dbIII ( 701233 ) on Friday March 14, 2014 @12:41AM (#46480059)
    Recent revelations about spying on an Indonesian clove cigarette company for the benefit of US "customers" is one example.
    So that's for the private sector. How the customers in the private sector commission the work and pay for it would make an interesting story. Perhaps they pay via political campaign finance? Let's open that can of worms.
  • by Concerned Onlooker ( 473481 ) on Friday March 14, 2014 @01:07AM (#46480135) Homepage Journal

    "All this crying about it being a slippery slope isn't making us any safer."

    I don't know anything about slippery slopes, but I do seem to recall a famous quote about something to do with eternal vigilance and freedom.

  • by raymorris ( 2726007 ) on Friday March 14, 2014 @02:21AM (#46480299) Journal

    My guess, as a security professional who could have been recruited for a three-letter agency, is that many of them are boiled frogs. There are technical challenges that smart geeks love, plus the whole hacker mystique, but you don't want to be criminal, so you go white-hat, hacking bin Laden. That adds the whole "international spy" thing into it and maybe you help catch some really bad guys. That would be awesome, spying on al Qaeda. Hmm, if you expanded that technique you could catch a lot of bad guys. So you expand it to log calls to and from Iraq, Afghanistan, and Syria. After a few years, you end up in a place you never would have knowingly sought to go.

  • by BitterOak ( 537666 ) on Friday March 14, 2014 @02:57AM (#46480379)

    "But it also includes gadgets like a plug-in to inject into MySQL connections, allowing the NSA to quietly mess with the contents of a third-party's database. (This also surprisingly suggests that unencrypted MySQL on the internet is common enough to attract NSA attention.)"

    When the author wrote that part of the story, he or she seemed to be unaware of what he or she had just written:

    "allowing bogus certificates and similar routines to break SSL"

    By breaking SSL, the NSA has access to SQL queries whether or not they're encrypted.

  • by Anonymous Coward on Friday March 14, 2014 @03:43AM (#46480537)

    You may be right, but in my opinion what's wrong with extreme surveillance is that you can get flagged just for searching the internet for knowledge, or you avoid pursuing more knowledge in the fear of being flagged.

    An example: you often see in movies that some criminal builds a pipe bomb with instructions found on the web. I've always been curious to know if that's really possible, but I never searched that on the web. Notice, I didn't want to build one, just to know if the average crazy man could really do that and be a danger for others.

    Another example: when studying Nazism in history, or watching TV documentaries about that, I've always been curious about the book that Hitler wrote, just to know more about the state of mind that made such abomination possible. Again, never dared to search something about it, not even on Wikipedia.

    Now my country hasn't got something like NSA, but I think it's only a matter of time, but I challenge any USA citizens to search for such things on the web just for their personal knowledge, without being afraid.

  • Re:I wonder (Score:3, Insightful)

    by gIobaljustin ( 3526197 ) on Friday March 14, 2014 @06:04AM (#46480961) Homepage

    "Riiiight, because your faith is magically better than his faith ???"

    Rather, my lack of faith is better than his faith.

    "Grow the fuck up and learn some respect for a different perspective / belief."

    Grow the fuck up (Not necessary; just stop being an idiot.) and realize that people don't have to respect other people's bullshit perspectives/beliefs.

  • Re:I wonder (Score:2, Insightful)

    by Zero__Kelvin ( 151819 ) on Friday March 14, 2014 @01:34PM (#46484699) Homepage
    Don't be a douchebag. ooops. Too late:

    "Grow the fuck up and learn some respect for a different perspective / belief."

    This is Slashdot. If you want to have an imaginary friend go for it, but don't broadcast your special combination of insanity and stupidity to the majority of us who lack an imaginary friend. There are places where you can go talk about how your wonderful all knowing all loving imaginary friend will smite you if you don't bow to him and tell him how great he is on many, many websites where you will find your insane ramblings welcomed with open arms. That's fine with me. That's your right. Just stop that kind of ridiculous bullshit when you are here.
