
Isn't this what the NSA is for? Also, I think we have plenty of reason to believe they regularly try to penetrate powerful companies, they just don't necessarily tell us when they do.


I've never heard anything about the NSA telling a company they have a security vulnerability. Have you?


Not the NSA, but I know of at least one time the FBI did: https://arstechnica.com/security/2024/01/chinese-malware-rem...



That was probably because the NSA and other critical government agencies use Microsoft Exchange and it was a bug found in the wild.

But if it wasn't a bug found in the wild, can you imagine the fights between the NSA red and blue teams on whether to alert Microsoft about it?


Probably not a lot at all tbf


I don't have citations on hand, but it's commonly held that NSA fixed the S-boxes in IBM's "Lucifer" cipher design for DES to improve its resistance to (then publicly-unknown) differential cryptanalysis.

Of course they also crippled the key length to 56 bits...


They absolutely have bugs up their sleeve, but if they tell the companies to allow them to fix them, then they can't use the bugs for spying (or at least, not as effectively).



