The bug... More info.
Christopher J. Walters
cwal989 at comcast.net
Mon Apr 14 21:42:54 CEST 2014
On 4/14/2014 3:27 PM, Robert J. Hansen wrote:
> Given the bug was introduced in March of 2012, that would mean the bug would
> have had to been discovered, an exploit tested, a product weaponized, a product
> distributed to end-users, and deployed by end-users against targets, all in
> under a month from the moment the bug was introduced. I'm not saying it can't
> happen, but a healthy distrust would seem appropriate here. Further, the use
> of "at least" two years is meant to imply it could have been substantially
> longer -- but it could not have been more than two years and a month. Between
> that and the journo's mishandling of anonymous sources, I am not confident the
> Bloomberg journo did his homework.
>
> With respect to anonymous sources, the standard is generally --
>
> 1. You give their background, broadly speaking
> 2. You say something about where they got the information
> 3. You specify they asked for anonymity -- it wasn't your idea
> 4. You explain why you're granting anonymity
>
> If you can't meet those four requirements, you don't use the source. If you
> can't give the public information about their background and the source of
> their information, then you can't give the public enough information to decide
> whether your source is credible. And if you can't give the public enough
> information to decide whether your source is credible, why should the public
> believe you?
>
> (ObDisclosure: I used to work as a tech journo. My four-point outline there
> was the standard we used, and my editor was fastidious about enforcement --
> whether it was as small as "one space after a colon and the word is
> capitalized" or "four-point process for anonymous sources," Terry was on top of
> things. I never used an anonymous source.)
I tend to agree, actually. As to Snowden, how exactly could a private
contractor have that level of security clearance, anyway? I said that the
report "suggests" NSA involvement - not that I agree. The anonymous sources
are a major problem for believability. The NSA has gotten a lot of bad press
lately, and it looks to me like Bloomberg (not the best source of information,
in general, IMHO) has jumped on the bandwagon.
Since I have NO security clearance with the NSA, I cannot comment on any
involvement, and I doubt anyone on this list, or the 'sources' have such
clearance to comment on it, either. So, I retain my disbelief.
Note: I only wanted to post those articles for people to be able to read and
make up their own minds. I will post no more here on this bug.
More information about the Gnupg-users
mailing list