
NSA must report security flaws — with some exceptions

With the Heartbleed bug causing havoc and Dropbox users jumping ship, it’s been another week in which data security and privacy have been making headlines. Now the New York Times has shed light on the NSA’s responsibilities when it comes to security flaws like Heartbleed: the Agency must report any vulnerabilities that it finds, unless there is “a clear national security or law enforcement need” to keep them hidden.

The guidelines were set down by the Obama administration back in January, but this part of the ruling has only come to light in the wake of Heartbleed. There has been some concern that the NSA may have been quietly using Heartbleed for years to serve its own purposes, something which the Agency has denied.

Thanks to the NYT, we now know more about the NSA’s responsibilities when it comes to any security holes that it comes across. The organization “is biased toward responsibly disclosing such vulnerabilities” said a spokeswoman, but that doesn’t mean that all bugs that the NSA digs up will be announced as a matter of course — any discoveries can be kept hidden and utilized for purposes of national security, if deemed necessary.

Ultimately, the decision rests with the government as to whether bugs such as Heartbleed should be reported to the technology community or exploited to gather data. A White House source quoted by the NYT said that giving up vulnerabilities automatically would put the country at a disadvantage: “I can’t imagine the president — any president — entirely giving up a technology that might enable him some day to take a covert action that could avoid a shooting war.”

David Nield
Former Contributor