On 4/14/2014 3:27 PM, Robert J. Hansen wrote:
Given the bug was introduced in March of 2012, that would mean the bug would have had to been discovered, an exploit tested, a product weaponized, a product distributed to end-users, and deployed by end-users against targets, all in under a month from the moment the bug was introduced. I'm not saying it can't happen, but a healthy distrust would seem appropriate here. Further, the use of "at least" two years is meant to imply it could have been substantially longer -- but it could not have been more than two years and a month. Between that and the journo's mishandling of anonymous sources, I am not confident the Bloomberg journo did his homework.With respect to anonymous sources, the standard is generally -- 1. You give their background, broadly speaking 2. You say something about where they got the information 3. You specify they asked for anonymity -- it wasn't your idea 4. You explain why you're granting anonymity If you can't meet those four requirements, you don't use the source. If you can't give the public information about their background and the source of their information, then you can't give the public enough information to decide whether your source is credible. And if you can't give the public enough information to decide whether your source is credible, why should the public believe you? (ObDisclosure: I used to work as a tech journo. My four-point outline there was the standard we used, and my editor was fastidious about enforcement -- whether it was as small as "one space after a colon and the word is capitalized" or "four-point process for anonymous sources," Terry was on top of things. I never used an anonymous source.)
I tend to agree, actually. As to Snowden, how exactly could a private contractor have that level of security clearance, anyway? I said that the report "suggests" NSA involvement - not that I agree. The anonymous sources are a major problem for believability. The NSA has gotten a lot of bad press lately, and it looks to me like Bloomberg (not the best source of information, in general, IMHO) has jumped on the bandwagon.
Since I have NO security clearance with the NSA, I cannot comment on any involvement, and I doubt anyone on this list, or the 'sources' have such clearance to comment on it, either. So, I retain my disbelief.
Note: I only wanted to post those articles for people to be able to read and make up their own minds. I will post no more here on this bug.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
