[kornholi]

From Krebs tweets:

The NSA's Neuberger said this wasn't the first vulnerability the agency has reported to Microsoft, but it was the first one for which they accepted credit/attribution when MS asked.

Sources say this disclosure from NSA is planned to be the first of many as part of a new initiative at NSA dubbed "Turn a New Leaf," aimed at making more of the agency's vulnerability research available to major software vendors and ultimately to the public.

[ct520]

more like someone with some commonsense decided to capitalize on disclosing issues when other countries get zero days. Oh well, guess we can't use this anymore Bob, china has been exploiting it over the past week. Call Microsoft lets at least get some free PR in exchange of having to give this up.

[toyg]

They have probably done that for a while (this is the first public attribution, not the first disclosure); but they are now blowing their trumpet because they need some good PR. Why?

Snowden.

[idlewords]

Much more likely the bad reaction to Eternal Blue.

[toyg]

EternalBlue would have not received that much coverage had it not happened after Snowden proved that the American public cannot trust the agency. They had been dragged to the foreground before without repercussions, because reactions were limited to the IT world. Snowden made it a general-public issue, and now they are forced to to shape up.

[reaperducer]

You write that like it's a bad thing.

[SlowRobotAhead]

You can do the right thing for the wrong reasons.

[jka]

An alternative angle that could make sense is that it shows that they're not purely intent on hoarding exploits (particularly dangerous ones) and are willing to report them to software vendors in order to reduce everyone's risk profile.

That'd be more of a communal-good, de-escalation approach. There's certainly something to be said for the fact that it displays the talent and expertise available too though (i.e. helping for recruitment).

[mzs]

The tweet* from the call with reporters - a cynical person might think instead that NSA thought that with the similarity to the LE and FF flaws it was not much longer before a hostile actor would find this crypt.dll flaw so it was time to notify MS.

* https://twitter.com/briankrebs/status/1217125030452256768

[blaser-waffle]

Didn't the FBI or NSA push for flawed Elliptical Curve Crypto in the past?

Could be the knew about it for a while and had milked it hard until they caught someone else using it. Or like the parent said, previously discovered flaws meant that someone might catch this one, too.

[andromeduck]

It was Dual EC DRBG, a prng

[mzs]

There is no evidence that US push flawed curves.

[alasdair_]

>There is no evidence that US push flawed curves.

"Reuters reported in December that the NSA had paid RSA $10 million to make a now-discredited cryptography system the default in software used by a wide range of Internet and computer security programs. The system, called Dual Elliptic Curve, was a random number generator, but it had a deliberate flaw - or “back door” - that allowed the NSA to crack the encryption."

https://www.reuters.com/article/us-usa-security-nsa-rsa/excl...

[tptacek]

"Dual Elliptic Curve" is an RNG, a PKRNG, that works by using a public key to encrypt its state, which is then directly revealed (as public key ciphertext) to callers (for instance: in the TLS random blob). The problem with PKRNGs has nothing to do with elliptic curves; you could design one with RSA as well. The problem is that for a given public key, there's also a private key, and if you have that private key you can "decrypt" the random value to reveal the RNG's state.

That's not a flawed curve that NSA pushed; it's a much more straightforward cryptographic backdoor.

[mzs]

"random number generator"

[mrguyorama]

>a new initiative at NSA dubbed "Turn a New Leaf,"

More like "do the actual job they are paid to do"

[eyegor]

They are paid to collect intelligence for the benefit of the american people, not american companies. Luckily citizens united hasn't stretched that far.

[monoideism]

Their mission also explicitly includes information assurance:

Mission Statement The National Security Agency/Central Security Service (NSA/CSS) leads the U.S. Government in cryptology that encompasses both signals intelligence (SIGINT) and information assurance (now referred to as cybersecurity) products and services, and enables computer network operations (CNO) in order to gain a decision advantage for the Nation and our allies under all circumstances.

[Seenso]

They've got to balance both roles.

IIRC, in earlier times the government didn't use as much COTS stuff, and civilian computer systems weren't so critical, so the roles were easier to separate. The NSA developed whole series of secret encryption algorithms for the exclusive use of the government/military, and civilian algorithms weren't approved to secure classified communications.

https://en.wikipedia.org/wiki/NSA_cryptography

[A4ET8a8uTh0]

I always wondered why Barr, Comey and basically every AG I paid attention to, consistently want to break encryption for the populace.

I guess it makes sense proponents of those changes would be ok of breaking it for the proles of they thought their secrets are protected.

[thfuran]

You don't see how a lack of critical vulnerabilities is software infrastructure is of benefit to citizens?

[diffeomorphism]

No, I don't see how this is part of foreign intelligence/surveillance/espionage work. It is good that these vulnerabilities are fixed, of course. But shouldn't that be at least a separate partially independent branch of the NSA? Otherwise you get a large conflict of interest.

[xrayzerone]

Their job is to collect signals intelligence and execute cyber warfare operations. Not whatever you think it is.

[mrchucklepants]

Their job is more than that.

"The National Security Agency/Central Security Service (NSA/CSS) leads the U.S. Government in cryptology that encompasses both signals intelligence (SIGINT) and information assurance (now referred to as cybersecurity) products and services, and enables computer network operations (CNO) in order to gain a decision advantage for the Nation and our allies under all circumstances."

[1] https://www.nsa.gov/about/mission-values/

[xrayzerone]

So...SIGINT and CNO. Exactly as I stated.

[toomuchtodo]

Security assurance isn’t necessarily cyber warfare. To have the high ground is not the same as using it offensively, hence the expectation of defensive posture as part of the NSA’s mission (although admittedly some offensive activities are to be expected, depending on the situation, such as Stuxnet and Iran).

[ericmason]

Not sure if you’re just being snarky, but the NSA’s stated mission includes helping with cyber security: https://www.nsa.gov/about/mission-values/

[Ajedi32]

It also involves breaking enemy cyber security (signals intelligence).

It's actually a rather fascinating incongruity, since we live in a world where "the enemy" is more likely than not to be using the same software systems that the NSA themselves are, and that therefore any exploitable flaws they find in enemy systems are pretty likely to be just as exploitable in their own. (And that similarly, disclosing the flaw in order to fix the issue in their own systems is very likely to result in "the enemy" fixing the flaw as well.)

A couple years ago the White House released a document explaining the process they use for deciding what vulnerabilities they keep secret: https://www.cnet.com/news/white-house-trump-administration-h... noting that "In the vast majority of cases, responsibly disclosing a newly discovered vulnerability is clearly in the national interest". Though from what we've seen in past leaks, it's pretty obvious they don't reach that conclusion for all vulnerabilities they find.

[xrayzerone]

And what do you think the end state of all that cybersecurity research is?

[monoideism]

NSA has long had an explicit offensive and defensive mandate. They even recently created a cyber defense directorate:

https://www.washingtonpost.com/national-security/nsa-launche...

[wolf550e]

NSA has both attack and defense mandates and organizations. Currently, the attack org has priority, but it's not like the defense org does nothing. So if the attack org doesn't want a vuln, they can let the defense org reveal it for PR points.

[Havoc]

I like NSA being more active, but the concept of trusting NSA on crypto is just never gonna happen. Their core mandate is being able to break it so the whole concept is a non-starter

[tptacek]

This kind of logic is attractive on message boards but makes little sense in the real world.

What NSA needs are NOBUS ("nobody but us") backdoors. Dual_EC is a NOBUS backdoor because it relies on public key encryption, using a key that presumably only NSA possesses. Any of NSA's adversaries, in Russia or Israel or China or France, would have to fundamentally break ECDLP crypto to exploit the Dual_EC backdoor themselves.

Weak curves are not NOBUS backdoors. The "secret" is a scientific discovery, and every industrialized country has the resources needed to fund new cryptographic discoveries (and, of course, the more widely used a piece of weak cryptography is, the more likely it is that people will discover its weaknesses). This is why Menezes and Koblitz ruled out secret weaknesses in the NIST P-curves, despite the fact that their generation relies on a random number that we have to trust NSA about being truly random: if there was a vulnerability in specific curves NSA could roll the dice to generate, it would be prevalent enough to have been discovered by now.

Clearly, no implementation flaw in Windows could qualify as a NOBUS backdoor; many thousands of people can read the underlying code in Ghidra or IDA and find the bug, once they're motivated to look for it.

[monocasa]

I mean, the 0 days in the shadowbroker dumps wouldn't count as "NOBUS" backdoors either, but the NSA was sitting on those like a dragon hording gold.

[tptacek]

Those aren't vulnerabilities NSA created, unlike Dual_EC, which is.

[monocasa]

Neither is this crypt32 vulnerability, which is part of the analogy the parent comment is making.

[tptacek]

NSA disclosed this CryptoAPI vulnerability. What's the lesson to draw from that?

[saagarjha]

Right, but in the absence of everyone using their NOBUS-backdoored software presumably the next best thing would be to hoard zero days and hope they can work as pseudo-NOBUSes.

[tptacek]

That's certainly true; NSA is chartered to exploit vulnerabilities and certainly hoards them. But that doesn't address the question of whether you should trust NSA "on crypto". Here, they're the ones disclosing the crypto flaw; there's no need to "trust" them, because they're clearly right (Saleem Rashid worked out a POC for this on Slack in something like 45 minutes today).

Should you trust them about Dual_EC? Obviously not: the sketchiness of Dual_EC has been clear since its publication (the only reason people doubted it was a backdoor was that it was too obviously a backdoor; I gave them way too much credit here).

Should you trust them about the NIST P-curves? That depends on who you ask, but the NOBUS analysis is very helpful here: you have to come up with a hypothetical attack that NSA can exploit but that nobody else can discover, otherwise NSA is making China and Russia's job easier for them. Whatever else you think about NSA, the idea that they're sanguine about China is an extraordinary claim.

[cafxx]

> Sources say this disclosure from NSA is planned to be the first of many as part of a new initiative at NSA dubbed "Turn a New Leaf," aimed at making more of the agency's vulnerability research available to major software vendors and ultimately to the public.

Sounds like "we find so many critical bugs... we don't need all of them to achieve our goals, so let's blow some of them for PR"

[chance_state]

I think it's more like, "We find so many critical bugs, let's blow some of them for PR once we discover that adversaries are using them too."

[swarnie_]

Bull.... A more likely scenario is they've been sat on this for years and finally saw another actor using it in the wild.

[chance_state]

So... exactly what I said?