You Are Dumb, which is not a blog, posts new columns every weekday, except for a couple of days each month when it doesn't. It is also a Twitter feed, @youaredumb, with content in a similar vein but much shorter. My spinoff food site, Forkbastard, can be found easily enough by the clever.
Memo to Obama and his NSA: OH, THAT MAKES ME FEEL BETTER.
You may, over the past week, have heard about Heartbleed. If you're wondering what Heartbleed is and what it means to you, well, allow me to explain.
Remember last year, when everyone who shopped at Target for two and a half weeks had their credit card info snagged by a security breach, and Target was very slow and shitty about telling everyone about it and was kind of shitty about making up for it?
Well, imagine that instead of shopping at Target, you were using the Internet. And instead of your credit card, it was credit cards and passwords and everything you did on the Internet for two years. And instead of knowing it had been taken, you just get to know that it was possible for someone, someones, or anyone with knowledge of the flaw to HAVE taken it at some point in the past two years. That's Heartbleed.
Oh, and instead of the people hiding the leak being a retail corporation trying desperately to cover its ass for a couple of weeks, it may well have been the federal government. Merry Christmas!
An anonymously-sourced report in Bloomberg said that the NSA learned about the Heartbleed flaw in OpenSSL fairly quickly, and kept quiet about it so they could have an easy back door any time they needed a quick way to grab some passwords or user data.
Now, Obama and the NSA are denying this, and when a spy agency and a president insist that they're not engaged in skullduggery, we should totally believe them. I mean, it's not like the NSA has denied doing dozens of other things that it turns out they were doing, both officially and unofficially.
And, you know what? Even if they didn't know, it doesn't matter. First, because they've destroyed even the tiny amount of credibility a spy agency should be given at any time. And second, because the official line out of the administration is that they didn't do anything like this, they wouldn't do anything like this, and if it's necessary for national security, they will totally keep doing this.
"Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities." - official statement from the Office of the Director of National Intelligence.
So basically, first, they claim a loophole big enough to drive a tractor trailer through. "clear national security or law enforcement need" covers fucking everything. And in case that doesn't cover everything, they promise that if there isn't a clear need, they'll bias their process towards telling us about security holes. They won't necessarily tell us, but they'll bias their process towards telling us. And doesn't that make you feel better?