<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p style="margin: 0px 0px 22px; padding: 0px; font-size: 1.5em;
line-height: 1.5em; font-family: Georgia, serif; color: rgb(0, 0,
0); font-style: normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; orphans: auto; text-align: left;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);"><br>
<a
href="http://www.washingtonpost.com/world/national-security/nsa-considers-shifting-database-of-domestic-phone-logs-to-third-parties/2014/01/07/1df6b7f6-7718-11e3-8963-b4b654bcc9b2_story.html">http://www.washingtonpost.com/world/national-security/nsa-considers-shifting-database-of-domestic-phone-logs-to-third-parties/2014/01/07/1df6b7f6-7718-11e3-8963-b4b654bcc9b2_story.html</a><br>
<br>
</p>
<p style="margin: 0px 0px 22px; padding: 0px; font-size: 1.5em;
line-height: 1.5em; font-family: Georgia, serif; color: rgb(0, 0,
0); font-style: normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; orphans: auto; text-align: left;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);"><strong style="font-weight:
bold;">Should NSA point out holes?</strong></p>
<p style="margin: 0px 0px 22px; padding: 0px; font-size: 1.5em;
line-height: 1.5em; font-family: Georgia, serif; color: rgb(0, 0,
0); font-style: normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; orphans: auto; text-align: left;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);">Among the weapons in the
NSA’s arsenal are “zero day” exploits, tools that take advantage
of previously unknown vulnerabilities in software and hardware to
break into a computer system. The panel recommended that U.S.
policy aim to block zero-day attacks by having the NSA and other
government agencies alert companies to vulnerabilities in their
hardware and software. That recommendation has drawn praise from
security experts such as Matt Blaze, a University of Pennsylvania
computer scientist, who said it would allow software developers
and vendors to patch their systems and protect consumers from
attacks by others who may try to exploit the same vulnerabilities.</p>
<p style="margin: 0px 0px 22px; padding: 0px; font-size: 1.5em;
line-height: 1.5em; font-family: Georgia, serif; color: rgb(0, 0,
0); font-style: normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; orphans: auto; text-align: left;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);">“This is not to say that
reporting a vulnerability means that NSA can’t also exploit it
against their targets, only that their overall national security
role means that their first responsibility must be to work to fix
it,” Blaze said.</p>
<p style="margin: 0px 0px 22px; padding: 0px; font-size: 1.5em;
line-height: 1.5em; font-family: Georgia, serif; color: rgb(0, 0,
0); font-style: normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; orphans: auto; text-align: left;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);">But Schaeffer said: “You’re
taking a potential weapon away from the very people we’re asking
to protect the nation. Those people ought to be able to use their
best technical professional judgment as to when it’s appropriate
to alert industry that there’s a vulnerability.”</p>
<br class="Apple-interchange-newline">
</body>
</html>