The NSA’s On The Wrong Side Of Heartbleed

Since this entry was published the NSA has denied any part in knowing the Heartbleed flaw existed. Their adherence to the truth has been less than exemplary in the past. Let’s let this play out. – Geoff

You’ve probably heard about the Heartbleed bug by now. It’s a flaw introduced to SSL (Secure Sockets Layer); a mistake as code was updated.

Simply put, Internet data transmissions we thought were secure were not. Things like passwords, financial information, anything private was easily cracked.

The bug languished mostly unknown for years. That’s called security by obscurity. Never a good idea. We’re seeing that now.

As far as I can tell Heartbleed’s never been exploited for nefarious commercial purposes. It has that potential. However, it has been exploited by our government’s spies!

The NSA knew Heartbleed existed. They had a choice, tell the maintainers of the code to fix it or exploit it themselves and leave us vulnerable. They chose the latter.

Now, because the NSA felt their ability to soak up data trumped our collective security, Heartbleed is a big deal! Leaving this security hole open for years is reprehensible.

More and more it seems America’s intelligence agencies, beginning with the NSA, are out-of-control. They have lost sight of their actual mission–protecting us. Instead we are more vulnerable and our international partners know we can’t be trusted with their precious secrets.

This story was broken by Michael Riley at Bloomberg News.

“It flies in the face of the agency’s comments that defense comes first,” said Jason Healey, director of the cyber statecraft initiative at the Atlantic Council and a former Air Force cyber officer. “They are going to be completely shredded by the computer security community for this.”

It’s time we have a come to Jesus meeting with our spies. Is everyone in Washington that scared of them?

The Great Google, Firefox, Fortigate Incompatibility Caper

[Image: gmail-ssl-error-message.png]

Don’t feel alone. I don’t understand what that error message is saying either. I’m just plagued with it!

It’s a tech problem at work. It’s an incompatibility between Firefox 3.0, Google’s encrypted sites (like Gmail, Adsense, Webmaster Tools, Google Docs, etc.) and our Fortigate firewall. Intermittently my web requests to Google get rejected with error messages. It can take a half dozen retries before my Gmail is sent or other task completed.

It’s a strange problem because it’s both software related and intermittent. You expect problems like these to follow hard and fast rules. What am I doing differently the fifth time I press retry than the fourth or third or second?

There is very little about this online. I can find people with my problem. I find a smaller subset who’ve realized it’s this specific firewall box that’s the wild card. I can’t find anyone with concrete tips to make the problem go away!

It wasn’t this way until Firefox went from version 2 to 3. It only happens with Google’s SSL encrypted sites.

It’s driving me slightly nuts.