On 4/14/2014 3:27 PM, Robert J. Hansen wrote:
Given the bug was introduced in March of 2012, that would mean the bug would
have had to been discovered, an exploit tested, a product weaponized, a product
distributed to end-users, and deployed by end-users against targets, all in
under a month from the moment the bug was introduced. I'm not saying it can't
happen, but a healthy distrust would seem appropriate here. Further, the use
of "at least" two years is meant to imply it could have been substantially
longer -- but it could not have been more than two years and a month. Between
that and the journo's mishandling of anonymous sources, I am not confident the
Bloomberg journo did his homework.
With respect to anonymous sources, the standard is generally --
1. You give their background, broadly speaking
2. You say something about where they got the information
3. You specify they asked for anonymity -- it wasn't your idea
4. You explain why you're granting anonymity
If you can't meet those four requirements, you don't use the source. If you
can't give the public information about their background and the source of
their information, then you can't give the public enough information to decide
whether your source is credible. And if you can't give the public enough
information to decide whether your source is credible, why should the public
believe you?
(ObDisclosure: I used to work as a tech journo. My four-point outline there
was the standard we used, and my editor was fastidious about enforcement --
whether it was as small as "one space after a colon and the word is
capitalized" or "four-point process for anonymous sources," Terry was on top of
things. I never used an anonymous source.)
I tend to agree, actually. As to Snowden, how exactly could a private
contractor have that level of security clearance, anyway? I said that the
report "suggests" NSA involvement - not that I agree. The anonymous sources
are a major problem for believability. The NSA has gotten a lot of bad press
lately, and it looks to me like Bloomberg (not the best source of information,
in general, IMHO) has jumped on the bandwagon.
Since I have NO security clearance with the NSA, I cannot comment on any
involvement, and I doubt anyone on this list, or the 'sources' have such
clearance to comment on it, either. So, I retain my disbelief.
Note: I only wanted to post those articles for people to be able to read and
make up their own minds. I will post no more here on this bug.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users