The NSA should security issues found the service in most cases and not disclose abuse. That U.S. President Obama decided. However, there is an exception for “homeland security and law enforcement.”
If security problems are reported, they can be solved, writes the American newspaper The New York Times, which relies on anonymous sources. According to the newspaper, the exception for internal security and maintaining law may, however, mean that the service is still security problems can abuse.
Obama would be the decision whose impact thus remains to be seen, have taken. In January A committee that took over the powers of the NSA under the microscope, then ordered to leave installation. NSA no longer vulnerabilities in encryption systems Additionally would zero-day security issues, for which no patch is available, should be patched rather than abused.
Friday, reported an American news agency that the NSA would have made Heart Bleed, a bug in OpenSSL which results in parts of the internal memory of a vulnerable server, clients can read for two years. abuse The NSA would have kept the bug so that the bug was not patched and could be abused. Permanently shut The NSA denies that. Recently, the bug yet discovered and patched.
U.S. government officials have been critical of the decision by Obama. She signs that foreign governments such as those of Russia and China will not follow the example of the United States, and that the abuses of unpatched security vulnerabilities may lead to a war is prevented. Previously abused NSA zero-day vulnerabilities to interfere with the Stuxnet virus. Iranian nuclear plant
Moreover, the NSA may already patched vulnerabilities continue to abuse:. Many computer users do not update their software