I agree with that assessment: TSB were blackmailing the NSA 'We bees having windows vulns'. NSA told MS - red faces all round but then we're pros right?... move on. Now TSB have nothing except maybe some doco and every USGA after them LOL! Anything else is stretching it. How these idiots came upon EQTN - maybe other people know, I don't. As broker of 0day exploits, they suck. As to what the NSA should be doing with 'your taxes' - erm, what do you people think the NSA do or, to rephrase, what do you think they should be doing? USGA have layers of expertise available to them and some punkery may have had to have been tolerated at some field level because y'know these skills are in demand and private sector pays more and when a kid has a secret some kids just can't help themselves - they are by definition immature. There is the possibility that NSA work with MS but given the emergency nature of the patch it appears not so, which is disappointing because as a federal employee you do not want to be breaking innocent people's stuff.
> How these idiots came upon EQTN - maybe other people know, I don't.
That's the bit that should really worry you. After all, if the NSA can't keep its goodies under lock and key then that means that others, possibly including your enemies, have those goodies too.
It's one thing to be active in the weapons research domain, it's another to give that research away.
'Give' is harsh if you understand the operational constraints people on government salaries and budgets had to work under. USGAs collected/acquired/amassed rather than developed these and packaged them into a field kit - they were in the dark domain (for $$$), then meh punkery. Sure we'd all love to be chillin' with JMac shootin' up the neighbor's porch. Not just NSA either... just sayin'. Even GCHQ have warez :O TSB are the Curly, Moe and Larry of this sorry affair. They got lucky, now they gonna bees unlucky lol!
So, if the NSA becomes aware of an exploit that they are able to procure for $ and they really have the security of the United States at heart, don't you think the proper course of action would be to alert the vendor rather than to leave their own people just as wide open to attack as their enemies?
I could understand them hoarding their own research but this essentially confirms that the NSA doesn't care about the security of the home country as much as they care about being able to infiltrate elsewhere and to me that seems to be a badly chosen priority.
After all they can't know for sure who also has access to that vulnerability.
In this circumstance, the NSA's two missions come into conflict - to spy on foreign targets, and to protect American targets. From the perspective of that institutional mission, it's not clear which motive should win out.
Do you really think that Microsoft are unaware of the limburger that lurks within their codebase to allow subtee, image hijinx, and the rest? CPLs and PIFs were in Windows 3.1!