Computer Science Professor Mocks The NSA's Buggy Code (softpedia.com)
After performing hours of analysis, a computer science professor says he's "not impressed" by the quality of the recently-leaked code that's supposedly from an NSA hacking tool. An anonymous Slashdot reader writes: The professor, who teaches Software Vulnerability Analysis and Advanced Computer Security at the University of Illinois, Chicago, gripes about the cryptography operations employed in the code of an exploit called BANANAGLEE, used against Fortinet firewalls. Some of his criticisms include the words "ridiculous", "very bad", "crazy" and "boring memory leaks".
"I would expect relatively bug-free code. And I would expect minimal cryptographic competence. None of those were true of the code I examined which was quite surprising," the professor told Softpedia in an email.
If these were cyberweapons, "I'm pretty underwhelmed by their quality," professor Checkoway writes on his blog, adding that he found "sloppy and buggy code," no authentication of the encrypted communication channel, 128-bit keys generated using 64 bits of entropy, and cypher initialization vectors that leaked bits of the hash of the plain text...
The real issue is what was exploited that one should be concerned about the quality of the code. "Oh man your shell scripts suck!"
Photos of the professor with under age children have been appearing all over the internet.
People have been puzzled why the material was on otherwise innocuous sites.
I'm guessing that time to live is more important than having everything looking pretty with your i's dotted and t's crossed. These tools are for exploits that may not be around for ever. Getting the code live and useful is more important than anything else.
"I would expect relatively bug-free code."
And you say you are some kind of academic?
Those who can't, teach!
Those in the middle, read comments here!
God is great! Ayaaayyyaayyya!
Remember, these are the people who want "Front Door" access to your computer. Without a warrant, without oversight.
You can trust them, they are the most skilled cyber-warriors on the planet!
Give them the keys to your front door, both physical and virtual! They are super competent and trustworthy.
Clearly the NSA leaked these tools with built-in weaknesses so they could get others to install them, then they get to use them.
You think this "leaked" code is the real thing?
If Slashdot were chemistry it would look like this: Cadaverine
You don't like someone? All you have to do is place child porn pictures on their computer, alert the authorities, and even if they've never seen the pics, they are going to the hole for a long time. And it's quite easy to get the pics there too. USB, web link, email attachments, all so easy, and once the evidence is there, you're screwed, even if you deleted it, short of reinstalling windows, (and even that might not work) or replacing new harddrive.
The police and society at whole have no sympathy for "child molestors", despite the fact that VIEWING A PICTURE IS AN INNONCENT CRIME. But people just believe the hysteria, for the children nonsense, etc. and run with it. Or some are just on power trip and love to see others locked away for 10+ years for an activity that didn't harmed anyone.
I'm honestly surprised a lot more people don't try it, seeing how easy it is to frame someone with it. Welcome to 1984.
Security vulnerabilities are discovered and patched all of the time. It doesn't make sense to spend a lot of time writing extremely meticulous code for an exploit that could be patched by the time you're done writing the exploit code. Combine that with the fact that there's probably a ton of vulnerabilities in a lot of different applications, drivers, and firmware and it probably makes more sense to focus on quantity of exploits rather than quality.
Our best guy is on vacation in Moscow.
Have gnu, will travel.
There will always be bugs in software; it's how you mitigate / react to them that counts in this day and age. I wonder if this guy has ever written anything other than research papers?
We should privatize our security, and make the NSA as well as the military a publicly traded corporation.
I know! Let's outsource it all to Microsoft!!
I am sure that there are many other solipsists out there.
Yeah, the pakis and Chinese can't code for shit.
it would be written very fast; the goal being to get it functional as fast as possible, not to make it bullet proof nor do more than what it is supposed to do. So I'm not surprised how shit it is.
Trump will run the USA like a business, that's why he has my vote, although he hasn't announced privatisation of vast parts of the government yet, which I would really like.
And that is good because on average, every second business goes bankrupt after two years, right? Donald Trump has extensive experience in running businesses going bankrupt.
ok so like the NSA got pwnt because they asshat-miscrypto-cleartexted the shit out of trillions of dollars worth of strategic vital interest defensive and offensive cyberweapons while exposing us to digital armageddon by revealing a global infrastructure of intentionally, illegally, and poorly back-doored hardware while being recorded for 3 years by our enemies engaging in top secret god knows what the fuck in an information age geopolitical information warfare climate of 2013-2016? did i get this correct guys? oh and never mind the global financial race between thousands of entities to buy 1/28th of the bitcoin market which doesn't have enough liquidity and a low cap that will crash the world financial economy and make the shadow brokers owners of about 1/30th of the global electronic currency system (assuming they only sell it once, which they won't). the jfk assassination is starting to look like a day in the life of the kardashians. #makeamericagreatagain #blacklivesmatter #pewdiepie
Cute that you think it's a partisan issue
.....is what they're thinking I'm sure. They probably destroy the VM after using the tool anyway.
Twinstiq, game news
Consider the possibility that the leaked code may be disinformation.
Isn't most of this coding already privately contracted to companies like Northrop Grumman and Raytheon?
Microsoft sued the government to protect its users. Google had a revolving door to the White House installed. You are barking up the wrong tree.
In retrospect.
Suddenly those spent costs no longer seem like they should have cost as much.
And those lessons learned? We should have just known those!
It's why industry refuses to spend anything on basic research anymore. SOO inefficient, and with priorities that make no sense to some random consultant or investor.
[sarcasm]
Pff - NASA, I could do better than that! Here - I'll just make up an ideal, say, random number generation that I just happen to have a library of code on, and WOW - I do SO MUCH BETTER than them. Not impressed, NASA, not impressed.
I don't even have to bother understanding the ideals that their code was actually built towards!
[end sarcasm]
Ryan Fenton
Yep and the government if it was a business would have been bankrupt long ago.
Anywhoo, back in the '90's I worked for a company that was getting a B2 Certification for its operating system. My job basically consisted of reading the entire AT&T C standard library code, finding potential security flaws, writing tests for those flaws and then writing a report with the tests which would be delivered to the NSA. I found the remote buffer overflow in the AT&T telnet daemon a couple years before the same overflow was discovered in the Linux telnet daemon. So the NSA basically outsourced the hard work of finding all those exploits to the companies that were trying to get security certifications. It took three or four guys just a few months to go through all the stuff we had to look at. I'm sure we missed a bit, but I was much more confident in the security of their OS at the end of all that. Too bad they eventually went out of business, were acquired by IBM and their products were killed. You know, progress!
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
It's not cute that you don't think it is.
And it's not the quality of the tools used against the people, it's the willingness to use them that is something that must be considered in choosing leftist leadership.
Already done. Who do you think writes it for them?
It's widely known that the best and brightest Americans rarely work for the government. The bureaucracy is slow, filled with low intelligence and rules oriented persons, and is generally allergic to actually getting anything useful done. Oh, and the pay sucks too. What's not to like if you're a young, intelligent and entrepreneurial techie? As it turns out, quite a bit. It should surprise nobody then that the best techies work in the private sector and government gets whatever is left to write poor quality code with very short shelf life.
Just like we should privatize our prisons, eh? And how has that worked out?
One thing decades as a developer has taught me is to avoid hubris about bugs. Even good programmers make bad mistakes. Software development on a large scale is a social process, and the less transparent that process is the greater opportunity bad decisions have to escape scrutiny.
It doesn't surprise me at all that secretly developed software has obvious mistakes in it -- obvious to outsiders that is.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
He can mock their code but that's how they got all his emails, internet browsing history, phone calls, text messages and gps coordinates for the last 10 years or more...
Riiiight.
"Hot line to the NSA
It's gotten to the point where no vendor hip to the NSA's power will even start building products without checking in with Fort Meade first. This includes even that supposed ruler of the software universe, Microsoft Corp. "It's inevitable that you design products with specific [encryption] algorithms and key lengths in mind," said Ira Rubenstein, Microsoft attorney and a top lieutenant to Bill Gates. By his own account, Rubenstein acts as a "filter" between the NSA and Microsoft's design teams in Redmond, Wash. "Any time that you're developing a new product, you will be working closely with the NSA," he noted."
http://www.cnn.com/TECH/comput...
Well, whaddaya expect? The gubment put the task out to bid. The lowest bidder got the contract with a lowball bid. In order to make money, they hired H1B visa holders to do the coding, and gave them impossible deadlines. But, hey, the code was good enough for government work.
Is it possible the NSA knows something about existing pseudo-random number implementations and is purposefully working around that issue in this code? The professor seems to ignore this possibility.
I hate this trope
Govt *isn't* a business in the traditional sense of the word and we shouldn't expect it to be
Did he consider that perhaps NSA is smart enough to not leave their fingerprint i.e. NSA-like code all over the exploits? There are more layers of security to consider than the code itself and plausible deniability ought to be right up there should the code ever get leaked. They also have been known to buy exploits on the black market, which would also have the added benefit of concealing the true source of the hacks.
0xDECAFBAD Indeed.
Cute that you think it's a partisan issue
I think it would be a disaster if Trump won, and that is not entirely because of what Trump would do. Simply put if you can regularly get elected on a stack of blatant lies this bad, then democracy is in trouble.
That being said, I see no evidence this is a remotely partisan issue. Bernie might have done something, maybe. Neither Hillary nor Trump is likely to do anything.
Rather rich given the two presidents with the biggest domestic spying operations were Nixon and Bush Jr.
What if the shadow brokers didn't hack and steal NSA code, but simply had some part in writing the code to begin with and perhaps what they're selling is unrefined prototypes?
Frankly I have no reason to believe that the shadow brokers and the equation group are even separate entities. If equation group are as good as they are supposed to be, then it makes more sense that for some reason equation group are playing a game with the public. (I highly doubt they'd try and play a game with the NSA.)
I have also seen that the NSA has been trying to make itself somewhat more transparent and useful to the public in the last eight years. Not exactly taking strides but there have definitely been gestures. Perhaps this is the only way they know how to release tools to the public while avoiding accountability under a government that doesn't comprehend the benefits of transparency or educating the masses in cyber security. It would also explain how federally held bitcoins have been trickling into the shadow brokers' wallet.
Just sayin'.
"Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
Expert: I mean, look at it - it's a bunch of nails and duct tape around a low explosive core which doesn't have nearly the proper confinement for even 50% of the maximum shock wave capable, much less the ability to transition to detonation. And this wiring - that's just disgraceful - the solder didn't even flow properly here, and this is entirely unshielded - anything could set this off accidentally, even a cell phone. If you were in my training program, you'd fail miserably.
Terrorist: We used one of these yesterday to kill 25 people and injure another 70 in a market in Aleppo.
Expert:...
Is it just my observation, or are there way too many stupid people in the world?
https://www.youtube.com/watch?v=LdZFmeMWrtk&feature=youtu.be&t=112
(c) John Cleese
great watch btw
now what has been leaked looks to have lost credibility, and looks like it is bait-ware.
I would bet it is crappy - the actual tools are built by committee and non-technical folks make technical decisions and assert things like "get that done today or else". I bet there is some crappy in the actual code. I don't know how much.
I'm betting that the ones who got robbed are the incompetent boobs of the bunch. I bet also that the highly competent folks figured out the boobs might get hacked and left some "breadcrumbs" in the system.
NSA has been around for more than 60 years and no party has stopped them during this time.
What is your excuse for the other party?
The problem is clearly people who are willing to defend one of the two major parties.
They are lower than cucks, they love getting screwed as much as they enjoy watching everyone else getting screwed.
Why does softpedia link to everything except the source?
https://www.cs.uic.edu/~s/musi...
It's too easy to pick things that make no sense to you apart. I don't understand x, y and z and therefore I conclude in typical know it all academic think "This is ridiculous". The following is just conjecturbation and is likely to be totally wrong.
If you're deriving a symmetric encryption key you never actually transmit perhaps some nerfing is intentional so the intended receiver has a prayer of expending energy to derive it. There could be a calculation embedding asymmetric keys is an unnecessary (attribution?) risk leaving crap like this where anyone with sufficient resources could plausibly decrypt a more appealing option.
The consequence of not using random IVs is situation dependent and can range from the safe default of very detrimental to beneficial given certain operating constraints.
Authentication is a double edged sword. If your adversaries don't know what key or data they are looking for providing a known authentication mechanism is an unnecessary gift.
Buggy code = hey some script kiddie put this crap on our system.
Gleaming perfect code = hey, this must be a nation state or some nationally backed entity.
...in Order to form a more perfect Union, establish Justice, insure domestic Tranquility, provide for the common defense, promote the general Welfare, and secure the Blessings of Liberty to ourselves and our Posterity...
Not exactly the best charter statement for a profitable business.
128-bit keys generated using 64 bits of entropy
I'd like to see the professor brute forcing 64 bits to show exactly how weak that is.
The ignorant masses have exaggerated the powers a President has. This exaggeration also applies to the powers and capabilities of the intelligence agencies. The President can neither magically make things dramatically better or worse. If Trump was to win the Presidency he would have to work with a legislative branch that absolutely hates him and will work to stifle any Presidential initiatives he tries to create. In fact they would spend all their time looking for any impeachable offenses he may commit.
The current US government is in dire need of change. Both the democrats and republicans need a time out and reality check. The high dollar supporters of both parties need to experience losing vast sums of money and ending up with nothing to show for their donations. The media has stepped out of the closet and turned into the National Enquirer where headlines attract readership but the actual content doesn't come close to justifying the sensationalist headlines. In the past the big media players could be more subtle in their support for one party over another. If Trump wins the media empire will see nothing but scorn and ridicule while at the same time losing their behind the scenes access to the office of the President.
And it is the time for a US President who brings to light just how worthless most of the US foreign allies are. The foreign allies are scared to death that they might actually have to become responsible for their own security instead of expecting the US to do it for them. If some country wants US military protection they should expect an invoice with at least 50% due up front.
All those people advocating a third party candidate who can win the Presidency have one staring them in the face. And make no mistake Trump is a 3rd party candidate who attacks the Republican party more than Democrats.
Trump's election would reduce the power of the behind the scenes establishment crowd for at least 4 years. If he accomplished nothing else it would be worth it to see both the Republicans and Democrats sit in the corner pouting about having no presidential power or support. All the harshest critics of Trump will be further diminished if Trump wins. They have bet everything on Clinton winning so their statements and actions will not hurt them. If Trump wins they are truly fucked because Trump doesn't strike me as the kind of person who lets personal attacks just slide by.
Trump has no government experience which could be a plus but it doesn't really matter that much. The US government is big and operates mainly on the inertia created over the years. It's a big ship that takes a long time to turn either way. Trump would not have the power to radically change anything or cause any real harm.
So why not let him slap the existing parties and their supporters in the face?
and big government is failure, as we all know it. We should privatize our security, and make the NSA as well as the military a publicly traded corporation. Trump will run the USA like a business, that's why he has my vote, although he hasn't announced privatisation of vast parts of the government yet, which I would really like.
What the fuck makes you think those tools weren't built by contractors?
They probably weren't even lowest bidder contractors either, just managed by some jackass GS-14 who didn't know shit about software but instead just follows the process and isn't even capable of doing a proper code or even review. Just checks off the requirements vs unit-tests and called done when everything was green.
Which is a better use of taxpayer money for something that won't get re-used a lot and which might have a short shelf life?
1) Expensive, good, and late, possibly too-late-to-be-useful?
2) Slightly less expensive, crappy-but-functional, and on time
Sometimes the answer is #1, sometimes it is #2. Sometimes you just don't know and you (or your bean-counting managers) have to make a call that might be wrong.
Bottom line:
I'd much rather the hacking tools be crappy than the code that runs something that directly affects tens of millions of people, like, oh, I don't know, the software that makes sure Social Security checks go out on time and in the right amounts?
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Trump will run the USA like a business, that's why he has my vote, although he hasn't announced privatisation of vast parts of the government yet, which I would really like.
Ah yes, Trump the living Rorschach test. Apparently while we are meant to be ignoring all the insane things he says as sarcasm or nonsensical jokes, we are also supposed to be inserting all of our greatest policy desires between the lines. I guess I've been holding my Trump wrong this whole time. Let me just flip this around and...oh! Now it's a pretty butterfly! Go Trump!
...teach.
When you rule with technology don't be surprised when someone else comes along and beats you at your own game. #Japanese2016
Buggy code? Why is the NSA making code for buggies? I thought buggies and horse whips were "old tech"... do people still use them to get around?
Perhaps a buggy is the best way for terrorists to avoid detection. Then I could see putting some code in the buggy to track them... but where would you put it? Maybe in a horse or donkey?
I don't read your sig. Why are you reading mine?
Perhaps NSA followed the lead of the Office of Personal Management and outsourced the code writing to the Chinese?
What's worse?
The buggy code that can hack a server
or
the buggy code running on the server that can be hacked?
Let's assume this actually is NSA code. By definition, they're working against the clock. They're exploiting vulnerabilities that the vendor might patch tomorrow, next month, next year or never. They have to assume tomorrow and work against that.
You also have to factor in deployment windows. In the case of Stuxnet, I seriously doubt Iran was dumb enough to hook up their uranium extractors to the internet. Yes, you can go spear-fishing and hope you catch the right fish or you can intercept a Cisco router and replace the firmware... which again puts you in a time crunch.
Finally, how many people do you think they have working on this? I've done management on projects with the lowest level of Federal security clearance and we have a hard enough time finding cleared staff that know their ass from a hole in the ground. I'd be surprised if the development team was more than 10-20 people and I seriously doubt they have a formal QA team.
TLDR; It works. Mission accomplished. (Yes, I used that on purpose).
and big government is failure, as we all know it. We should privatize our security, and make the NSA as well as the military a publicly traded corporation. Trump will run the USA like a business, that's why he has my vote, although he hasn't announced privatisation of vast parts of the government yet, which I would really like.
What the fuck makes you think those tools weren't built by contractors?
They probably weren't even lowest bidder contractors either, just managed by some jackass GS-14 who didn't know shit about software but instead just follows the process and isn't even capable of doing a proper code or even review. Just checks off the requirements vs unit-tests and called done when everything was green.
Indeed. I would assume that the code to hack the Juniper equipment was written by a Juniper employee for someone in the NSA.
...at reverse engineering and cracking tend to be extremely 'pragmatic' in their approach to creating software.
People are constantly confusing programming with software engineering. Look at Google for example, look at the design decisions behind golang. Google has lots of very smart people no doubt, but golang was designed around their pervasive weakness - they do not tend to be good software engineers (experience will usually lead them there though.)
It's not a good sign when the supposed skilled parts of the US Govt show incompetence. Makes me doubt Aliens could be kept a secret by the US Govt.
Well, the Afghan government is incompetent. The Pentagon charges $1 million/soldier year for Afghanistan. USAid isn't efficient. The VA still has big problems, in spite of the Senate subcommittee's promises of changes a few years ago. So, I guess if you hired Trump, and he hired Blackwater, Cintra, some former state governors, and Kaiser Permanente, and he appointed some people for oversight, things would be better.
Still, thousands of religious fanatics skilled in guerrilla warfare, in a nation with an indifferent populace is a very tough problem.
I bet you supported Ted Cruz.
"The purpose of the keygen tool is to generate a 16-byte random number for use by the other tools. This simple task can be accomplished by reading 16 bytes from /dev/urandom."
No, not really - not if you want to maximize entropy. The procedure he describes afterwards seems awfully convoluted, but might be a good way of generating strong pseudorandom numbers in systems with a poor /dev/urandom implementation.
Just saying, there is such a thing as disinformation
If you must moderate, please moderate as irrelevant, not something bad, because I'm sure someone will find this interesting
Just pointing out the obvious here but:
If our choices are either Trump or Hillary, *Democracy* is far beyond "in trouble".
We the people will lose either way this goes.
Besides, if you think either candidate is doing this for the good of the people . . . .
bwahahahahaha
As soon as I got as far as the mention of UIC, I assumed this would have been DJB.
https://en.wikipedia.org/wiki/Daniel_J._Bernstein
It's not cute anymore.
Crap. I have to burn this because I accidentally moderated you as insightful. You're right that big government is a failure. But Trump isn't going to do a blessed thing to downsize anything. That man's as much a totalitarian as Hillary and neither should have gotten as far as they have already. Twenty years ago, the scandals and missteps by both of them would have ruined their campaigns. Hell, Howard Dean torpedoed his run with a single howl only 12 years ago!
The difference?
He *INTENTIONALLY* gave us buggy code. While there were a few 'written from scratch' assignments to do, he felt that 'reinventing the wheel' each new concept was a waste of time, and instead taught the proper way techniques were meant to be done, provided often extremely buggy sample code (from a hypothetical fellow developer at your company) and had you clean it up and fix any issues you found in the source code. He also always included a few obscure bugs which offered bonus points so an occasional bad day wouldn't ruin you if you were otherwise on-target. Interestingly enough his class success/failure rates still matched the course averages compared to other professors, despite this (The spread of ABCDF students was very similar to less favorable classes, but one bad/missed test wouldn't ruin an A student, and even a D/F student early on could climb back to a C if they got serious by the middle of the semester. Most didn't.)
That said, many of the other professors I had did have sloppy code, and critique of it could result in punitive scoring against your own work.
I would like to point out that everyone is assuming the leaked code is the version of the code that was used in actual operations. I would not be willing to rule out a purposeful "leak" with code that could be cleverly hiding a trojan horse (not the malware, the idea via the Greeks). Supposedly, in the 1980s the CIA learned of a leak of code that controlled pipeline valves etc, and instead of stopping the leak, they worked an attack into the code causing a large pipeline burst in Siberia. It is in a book "At the Abyss" and I admit it has some issues that make the truth not 100% certain.
Still, could the NSA have worked some clever way of tracking anyone that tries to exploit this leaked code and then leaked it themselves? My tin foil hat is firmly in place thank you.
The scenario of extracting RSA key from memory leaks on Cisco Pix reminds a lot about Heartbleed. Does Cisco Pix use OpenSSL?
Privatize security? You mean like dismantle the TSA and have airport security run by the airlines? As in having the government issue letters of marque and reprisal? Where privateers/mercenaries/whatever fight our wars for profit?
Tell me something, how are these people supposed to arm themselves? Would this not require people to be able to buy the same weapons as those available to the standing army? If not then what are people supposed to fight with, VP Biden approved double barrel shotguns?
The ability for people to fight the battles that our government gets us into was the reason for the Second Amendment. Minutemen were people of the unorganized militia that came to battle with their own weapons. That's why they were called "minutemen", because they were ready to fight on a minute's notice.
One big problem I have with your proposition is the privatization of all military. The reason the Second Amendment is there is to allow the people to protect themselves from the government. What concerns me is with no government funded military there is nothing to protect the government from the people. The mutual respect of the authority of the people and the authority of the government is supposed to keep both in check, if that fails the natural instinct to not get killed in a battle between the two was supposed to keep them in check. Disarming one or the other is dangerous, disarming both is impossible.
Trump may be supportive of our right to keep and bear arms, and he may see some value in handling many aspects of the government like a business, what I don't see him doing is privatizing the military. I believe he has enough respect of the people in uniform to believe they will do the right thing when called upon.
I did laugh out loud at your proposal, if only because it reminded me of a scene from Iron Man 2 where an irreverent billionaire told a bunch of stuffy government officials to fuck off because he just privatized national defense. In some way I see that coming. Technology is enabling people with even a few thousand dollars to spare to produce weapons on par with anything the government has. An M-16 is almost trivial to produce now in a basement shop. I believe it won't be long before larger and more complicated weapons, like a passable battle tank, can be mass produced in an amateur machinist garage.
I am armed because I am free. I am free because I am armed.
At this point that would be an incredibly good idea.
The airlines have different priorities so would run it as security and not a massive welfare program for a massive number of poorly trained staff and money funnel to political connections.
Walmart "greeters" take the security part of their job far more seriously than the TSA up to the highest level.
As for everything else, you've got some good points.
Blackwater etc partially happening and a horror story in general. Mercenaries employed to do what professional soldiers consider unprofessional or outright war crimes.
He has shown utter contempt on several occasions.
A very interesting idea but it doesn't seem to be playing out that way anywhere.
By the way, what do you second amendment types do at 45? Do you get rid of all your guns since the second amendment doesn't apply to you after that? Perhaps you should consider that your right to be armed comes from it not being taken away from you in the first place and has nothing at all to do with the second amendment.
an exploit called BANANAGLEE, used against Fortinet firewalls
If the submitter actually bothered to read the article, he would realize that BANANAGLEE targets Juniper, not Fortinet. How does one make the mistake of mis-attributing to someone who was only mentioned once in the entire article?
And left unchanged to blend in with all the other script kiddies swimming the sewers with it. Best not to expose the good stuff until the initial poke has been done.
He has shown utter contempt on several occasions.
As someone that once wore the uniform of an American warrior I am quite aware of Trump saying some disparaging remarks about our military. Even so I've seen him say many good things. Hillary Clinton on the other hand allowed people under her care to die at the hands of our enemies only because sending in our warriors might make things look worse for her. Trump isn't perfect and I'll admit that. Clinton on the other hand is far worse.
A very interesting idea but it doesn't seem to be playing out that way anywhere.
I can see both sides here, for and against.
First, in agreement with you. You are correct that people aren't mass producing machine guns in their basements or battle tanks in their garages. Even though there is a lot of suckage to go around we here in the USA still have it pretty good. People have access to a wide variety of weapons off the shelf and if one wants to go through the paperwork they can own real deal military hardware. Now people cannot own modern weapons like F-22 planes but people can get a vintage fighter plane, a belt fed machine gun, a medium battle tank, or just about anything except perhaps land mines. Because things are good and people generally have access to some really nice hardware we don't see people arming up with home made weaponry. If things become not so good then we get to my second point.
Second, I did not claim that people were making such things now, only that the capability exists or will exist very soon. Every once in a while we will even see it happen. People will have a broken rifle and it goes full auto on them, it happens. It's trivial to clean that up and make it do that intentionally and safely. We've seen people flip their lid and turn a bulldozer, earth mover, or some other piece of heavy machinery into a mobile gun platform. Not quite a battle tank but if you look for videos on the internet you'll see a few cases of some quite successful attempts at getting close. Again if this is cleaned up a bit, and done with some sane planning instead of an act of suicide by cop then we could see something quite battle worthy. A lot of people know how to make this stuff but lack the motivation to do so. With a few emerging technologies to help this along, like 3D printing, the number of people with this capability increases as does the rate at which such weapons could be produced.
By the way, what do you second amendment types do at 45? Do you get rid of all your guns since the second amendment doesn't apply to you after that? Perhaps you should consider that your right to be armed comes from it not being taken away from you in the first place and has nothing at all to do with the second amendment.
It appears you are of the mind that the Second Amendment is there to protect the state's right to create a militia. This is a false interpretation, to demonstrate how this is wrong I can show the writings of the authors of the Constitution and opinions from SCOTUS that the right to keep and bear arms exists outside of the militia. The Second Amendment protects the right of self defense by the individual and by the states. The right does not begin and end at the age of conscription.
You are correct that the right of self defense exists outside of the Second Amendment which is why I am confused that you somehow came to the conclusion that I believe that the Second Amendment places limits on my rights. The Second Amendment does not define my rights, limit my rights, or create my rights. What it says is that my rights exist, that they are inherent to my person, and says that the government has no authority to deny that right to me. All of that is not said in the Second Amendment alone, but comes from the preamble to the Bill of Rights and the Constitution as a whole.
I am armed because I am free. I am free because I am armed.
And it is the time for a US President who brings to light just how worthless most of the US foreign allies are. The foreign allies are scared to death that they might actually have to become responsible for their own security instead of expecting the US to do it for them. If some country wants US military protection they should expect an invoice with at least 50% due up front.
So you think it's really in the best interests of the US to let Putin reconstruct the USSR/Warsaw Pact as he seems intent on doing? And have you noticed all the Russian activity in the Middle East of late...? Guess not.
As soon as Trump started spewing the utter horseshit which you parrot above, it became obvious he was either working for Putin, or might as well be.
Trump/Putin in 2016! It even rhymes, hey...
There is no Planet B.
That's even funnier than it might appear to be at first glance, given that they already outsourced it to l0pht.
wtf? "And have you noticed all the Russian activity in the Middle East of late."
hello pot, this is kettle calling...you're black!
So the Russians are involved in Syria, via Syrian airbases and Iranian airbases, both of which they received permission to use from the host country.
The USA on the other hand... is illegally operating with non-boots-on-the-ground boots in Syria.
We invaded Iraq.
We destroyed Libya.
We have bases in Kuwait, UAE, Saudi Arabia, Iraq, Syria, Yemen, Afghanistan, Egypt, Libya.
But look over there, those damn Russians!
>> We should privatize our security, and make the NSA as well as the military a publicly traded corporation.
I know! Let's outsource it all to Microsoft!!
Erm, that's already happened . . .
Trump supporters have done the rest of us a massive favor.
They've given us a heads up on just how much of a failure our particular style of "Democracy" is.
It is clear, it is indisputable, and it is very upsetting.
Now what are we gonna do?
If your first sentence is accurate, then Trump is a very successful businessman since I have only heard about 2 or 3 of his companies going bankrupt, and he has had 100s.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Except for Obama who expanded Bush's domestic spying.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
As seen in Syria vs Israel some years ago the German tanks that were very effective in WW2 did not stand a chance against a later American tank - there is a looong way down from those old tanks to what you describe. Those home built platforms are one roadside bomb or RPG away from scrap metal.
That's not in the amendment is it? That's kind of reinforcing my point that the right comes from elsewhere.
Real (but small) machine tools at the bottom end with controllers that could make them as easy to use as 3D printers are already as cheap. Why make a piece of shit ABS plastic gun when you can make a real one out of cheap steel after cutting and pasting a bit of code? Personally I think the 3D guns thing is from attention seekers that don't care if they ruin stuff for everyone - a lot of types of wood are stronger than ABS plastic.
Your conspiracy theories A, B and C depict them as an unknowable force with perfect capability. That's a common factor with a lot of conspiracy theories where the exponents can feel comfort that there is somebody with infinite capability in control so they don't have to worry.
Reality is a series of fuckups some of which have got public attention. The theory that the fuckups are just there to lull us into a false sense of security instead of them being a bunch of toy soldiers that should be replaced with the real thing is especially pathetic. The amount of money being funneled through to the private contractor that employed Snowden is staggering and proof enough that the NSA is a very long way from being perfect. The vast number of external bodies with hooks deep into the heart of the NSA would have made it very easy for foreign powers to get hold of everything Snowden had and more.
It's looking more and more that the NSA is more a machine to pump taxpayers' money to people with good connections than anything to do with national security.