Somehow I doubt Al Qaeda is using Juniper, but our allies (read: economic adversaries) are.<p>I hope the companies listed -- Dell, Cisco, Juniper, IBM, Western Digital, Seagate, Maxtor, et al -- are happy with themselves. The government's mantra has historically been similar to that of Microsoft's: embrace, extend, extinguish. The US Government is no different and they'll happily throw every company under the bus for the smallest advantage over their adversaries.<p>America's rivalry with China is continually climbing higher and higher, and we're getting dragged along whether we like it or not. The unshakable intertwining of private and public industries, the scorched-earth economic policies where private industry is consumed for the benefit of the public, the unlimited spying powers -- all to stay ahead of China.<p>The real kicker is that this kind of spying power compounds on itself -- as soon as we get Juniper gear exploited then we can move onto infiltrating Seagate's intranets, and then we can use Seagate exploits to more easily dig into hard-drives accessible by us/in custody by us. We may never be able to make a distinction between which tech companies have been exploited and which are wilfully/maliciously passing vulnerability information to the US Government.
This new information puts American companies at even more risk of lost sales since given two companies, American Company and Foreign Company, the NSA is always going to have a massive advantage in penetrating the American company to get as much information they want to produce these backdoors. Whenever they fail to remotely access the company networks containing the IP for all the equipment they want to target, they have many more options available to physically access the network of these companies, possibly going as far as having a mole working at the companies, exfiltrating the IP they need to produce the tools in the catalog or even deliberately putting in backdoors.<p>This is probably the most damning information I've seen of NSA activities. This is anti-American activity since it clearly harms US economic interests. This coupled with the policy that spying on foreigners is fair-game is enough reason to give any foreign government or company enough reason never to purchase equipment from US tech companies.<p>As an engineer in the US, this makes my blood boil. I really hope that this new information generates more interest in open-source network software and hardware.
After all these years of free software proponents advocating for open source BIOSes and getting mocked for their supposed impracticality, we see the truth.
The NSA must have an enormous pile of unkown exploits to facilitate all that. I wonder how they prevent other US agencies and government networks to be vulnerable to the exploits the NSA uses itself, or if they even bother trying to do that.<p>Leaving pretty much the entire IT infrastructure vulnerable seems like a very dangerous strategy.
The damage that this does to US software and hardware manufacturers and service providers like hosting companies is incalculable. The NSA is providing a strong ongoing incentive to buy your hardware offshore and host your servers offshore. As an American entrepreneur I'm horrified by the long term implications of this. It seems for all the mathematicians they employ they're unable to see that the long term cost of these programs far outweighs the short term benefits.
This is it.<p>Literally everything is infected.<p>Again, either the NSA goes (and you know that won't happen) or information technology goes or democracy as we know it goes.<p>Everyone, take your pick now.
So essentially an internal, military-grade Metasploit.<p>It's not surprising that NSA would develop and maintain a strong repertoire of exploits for popular infrastructure. What else did you think an organization tasked "to produce foreign signals intelligence information" was doing with all those computer security experts on staff?<p>Is there evidence that NSA was <i>planting</i> backdoors or that US tech firms were cooperating? Isn't it more likely that NSA was simply discovering (and possibly purchasing) 0-days just like everyone else?<p>They can do that with foreign equipment just as easily. Switching to non-US hardware is just irrational.
Stallman was right. Again. <a href="http://stallman.org/stallman-computing.html" rel="nofollow">http://stallman.org/stallman-computing.html</a><p>Trust nothing. Everything is a lie.
How on earth could this possibly be verified?<p>If I was the NSA right now, I would be "leaking" tons of fake, and fantastic, stories about myself in order to discredit any legitimate concerns.<p>I can imagine the talking heads now "well what else were these conspiracy theorists wrong about? Personally I'm glad somebody is out the protecting our freedom."<p>etc.
This sorts news makes me shake my head.
The scammers are trying to get in, the NSA is in, and now every other state security organisation will feel if they don't try to get in they will be falling behind.<p>All I want is to do is keep clients safe and out of all this cross-fire.
With a proper oversight regime and individualized warrants, I can see this being an acceptable use of NSA power. With the absurd degree of intrusive latitude the NSA possesses now, it just makes it easier for them to violate civil liberties on a massive scale. Very few people can avoid being compromised by backdoors in these devices and companies, the same way very few people can avoid the physical threat of government aggression. The difference is that the latter has a far more robust system of controls to ensure it is used judiciously and ethically. Until the former has the same, we need to do everything we can to limit or invalidate the NSA's power.
How did this get submitted when the exact same link was posted 2 hours ago? <a href="https://news.ycombinator.com/item?id=6979240" rel="nofollow">https://news.ycombinator.com/item?id=6979240</a>
This article feels like it may be somewhat misleading around the use of the term "back door".<p>If the NSA has infact backdoored all of those products, kudos for keeping it quiet for this long!<p>if however these products have vulnerabilities in them, like all software does, and the NSA have access to these vulnerabilities (like numerous other people do), it's not quite as devious.<p>In that case they didn't have a super-secret backdoor installed with no-one noticing, but in fact discovered that the window wasn't locked, and kept that a secret.
Mostly OT: besides the technical details, I'm interested in seeing the actual descriptive text for these items. In my mind, the tone would be something similar to this parody <a href="http://www.teamfortress.com/sniper_vs_spy/day04_english.htm" rel="nofollow">http://www.teamfortress.com/sniper_vs_spy/day04_english.htm</a>