How the NSA shot itself in the foot by denying prior knowledge of Heartbleed vulnerability
http://www.zdnet.com/institutional-failure-led-to-nsa-missing-the-heartbleed-flaw-7000028366/

Summary: In admitting it didn't know about a massive security flaw in one of the Web's most used encryption libraries, the NSA inadvertently revealed a massive institutional failure.

... snip ...

there are various tools and techniques for looking for length related vulnerabilities. in this case, the agency is caught between rock and hard place ... denying it knew about the vulnerability implies incompetence ... while if it knew and didn't tell questions its motives.

one goes along with the spreading "success of failure" culture
http://www.govexec.com/excellence/management-matters/2007/04/the-success-of-failure/24107/

after the congressional "success of failure" investigation, the agency was put on probation and not allowed to manage its own projects. past posts
http://www.garlic.com/~lynn/submisc.html#success.of.failure

it is possibly exacerbated by the increasing privatizing with at least 70% of its budget and over half the people working for for-profit companies ... which may not have the same motivations as the agency.

Spies Like Us
http://www.investingdaily.com/17693/spies-like-us/
How Booz Allen Hamilton Swallowed Washington
http://www.zerohedge.com/news/2013-06-23/visualizing-how-booz-allen-hamilton-swallowed-washington
Investigate Booz Allen Hamilton, not Edward Snowden; The firm that formerly employed both the director of national intelligence and the NSA whistleblower merits closer scrutiny
http://www.theguardian.com/commentisfree/2013/jun/14/edward-snowden-investigate-booz-allen

there is even small IBM relationship ... after Gerstner left IBM, he went on to head up a major private-equity company ... which then bought Booz. Lots of articles about companies bought by private-equity companies are under heavy pressure to service the debt load (loan to buy company is put on that company's books, analogy with house flipping except company can be sold for less than it was bought and the private-equity company still makes enormous profit ... since it doesn't have to pay off the loan). over half corporate defaults are by companies currently or formerly owned by private equity.
http://www.nytimes.com/2009/10/05/business/economy/05simmons.html?_r=0

past posts
http://www.garlic.com/~lynn/submisc.html#pivate.equity
past posts
http://www.garlic.com/~lynn/submisc.html#gerstner

recent heartbeat/heartbleed &/or NSA:
http://www.garlic.com/~lynn/2014e.html#27 TCP/IP Might Have Been Secure From the Start If Not For the NSA
http://www.garlic.com/~lynn/2014e.html#29 The mainframe turns 50, or, why the IBM System/360 launch was the dawn of enterprise IT
http://www.garlic.com/~lynn/2014e.html#32 The dark side of digital banking
http://www.garlic.com/~lynn/2014e.html#33 As US card fraud rises, firms increase security spending
http://www.garlic.com/~lynn/2014e.html#38 Before the Internet: The golden age of online services
http://www.garlic.com/~lynn/2014e.html#42 Semi-OT: Government snooping was Re: Is there any MF shop using AWS service?
http://www.garlic.com/~lynn/2014e.html#45 TCP/IP Might Have Been Secure From the Start If Not For the NSA
http://www.garlic.com/~lynn/2014e.html#47 TCP/IP Might Have Been Secure From the Start If Not For the NSA
http://www.garlic.com/~lynn/2014e.html#54 Before the Internet: The golden age of online services
http://www.garlic.com/~lynn/2014e.html#56 "NSA foils much internet encryption"
http://www.garlic.com/~lynn/2014e.html#57 NSA and Heartbleed

--
virtualization experience starting Jan1968, online at home since Mar1970
