[campbellsoup]

The article is dated "May 6, 2014 5:00AM ET", hardly news...

To me it seems more like the NSA wanted to make the Web giants aware of new or unmitigated threats. Here's a quote from Gen. Alexander:

“About six months ago, we began focusing on the security of mobility devices,” Alexander wrote. “A group (primarily Google, Apple and Microsoft) recently came to agreement on a set of core security principles. When we reach this point in our projects we schedule a classified briefing for the CEOs of key companies to provide them a brief on the specific threats we believe can be mitigated and to seek their commitment for their organization to move ahead … Google’s participation in refinement, engineering and deployment of the solutions will be essential.”

[madaxe_again]

"It seems"

Yes it does. A year ago "it seemed" that the internet wasn't 100% insecure, however.

Therefore, this was more likely than not a cover.

I mean, we already know from Snowden that the bios bit is a lie. They didn't fix a vulnerability, they introduced one.

Edit: Not entirely sure why I'm being downvoted for this - see http://www.tomsitpro.com/articles/dell-nsa-ant-deitybounce-s... and http://leaksource.files.wordpress.com/2013/12/nsa-ant-deityb...

[SeanDav]

* "Edit: Not entirely sure why I'm being downvoted for this" *

You are implying something negative about Google. There are a lot of Google employees and Google fanboys active on HN that will happily downvote anything negative on Google whether it has merit or not.

That is not to say that everyone who works at Google or who likes Google products cannot accept criticism but a number will downvote you regardless. The same applies to Apple, Microsoft and other cliques. If you make a negative post about them, be prepared for downvotes.

In addition you are not presenting any proof and even though your point may be perfectly valid and correct it does smack of a conspiracy theory which tends to attract downvotes as well. Who knows what the real truth is, just don't use Google products if you are concerned, there are alternatives out there.

[rayiner]

> Yes it does. A year ago "it seemed" that the internet wasn't 100% insecure, however.

Who that knows anything about the internet ever thought it wasn't 100% insecure? It's a distributed network built routing packets untrusted intermediaries, and many of the core protocols send plain-text data in those packets. It's 100% insecure by design.

[abritishguy]

>more likely than not a cover.

And this is where reasoned debate turns into conspiracy theories.

> we already know from Snowden that the bios bit is a lie

Do we? So because they discovered a vulnerability in a particular Dell server in 2007 (discovered != introduced) this means that they could not have possibly disclosed details of a different bios vulnerability to tech giants years later?

> Not entirely sure why I'm being downvoted for this

Because you are claiming opinion and speculation as fact.

[throwaway7737]

I'm very concerned about the mass surveillance revealed by Snowden, but based on those links I can't really see that any cooperation was needed.

The last link makes it quite clear that this is about the NSA reflashing machine BIOS with a compromised version ("Through remote access or interdiction"). If the NSA decides to reroute your shipment of a new computer to their facility to mess with it, no amount of BIOS security is going to stop that. The same applies if they already have remote access (I'm guessing in that case it's about implanting a persistent backdoor in case the targeted user wipes his machine).

I would expect that they have ready-to-go compromised BIOS replacements with persistent backdoors for most popular machines.

The tomsitpro article suggests that this has been "solved" by UEFI signed BIOS firmware, which is just ridiculous. Does anyone really believe that the NSA does not have access to means to get stuff signed by CAs? Just looking at what they're trying to do they would be seriously incompetent if they did not (the CA system is a joke!). And even if they were so incompetent, what's to stop them from using a hardware flasher to flash the BIOS chip directly if they already have physical access to the machine through interdiction?

[meowface]

What suggests this is a cover?

The NSA's biggest public facing role is to provide security to the government and private sectors. It's not at all unusual or suspicious that Alexander would meet with top CEOs to discuss security and mitigation strategies, without any of the CEOs knowing the extent of the wiretapping going on.

I highly doubt anyone at Google was aware of traffic being intercepted between their data centers during these meetings as well. I'm sure Alexander knew, but he only told Google what they needed to know.