Cisco confirms NSA-linked zeroday targeted its firewalls for years

alias454

Cisco confirms NSA-linked zeroday targeted its firewalls for years | Ars Technica

There is also some interesting links within the article as well.

Chinook

On a side note, I had a chuckle at this link ---> Mustafa Al-Bassam, a security researcher, told Ars. "I wouldn't imagine it would be difficult for the NSA to get access to a device in a large company's internal network, especially if it was a datacenter."

Mustafa was Tflow in Lulzsec. Hacking, the only place a convicted can get a legitimate job.The way I see it now, everything is compromised, open source or not.

the_Grinch

If you aren't operating under the belief you are compromised then you are deluding yourself.

OctalDump

I'm not convinced that the current arrangement of the dual mission of the NSA (and many similar organisations around the world) is a good idea. On the one hand they are meant to protect the nation's communications, and on the other, they are tasked with listening on other or as the Australian equivalent (ASD) puts it "'Reveal their secrets, protect our own".

So for the NSA, it is very useful to be able to exploit vulnerabilities in widely deployed systems like Cisco devices or Windows (or AWS, Google etc etc), so that they can more easily listen in on foreign threats. BUT if they don't patch these for US organisations, they leave them vulnerable to others. It's a clear conflict between the two goals.