Nah, I am extremely pro-Snowden & extremely anti-NSA... but I'm also a person that enjoys programming in C.
C is hard. I really think this was just a bug. What _is_ possible though is that the NSA knew about this bug since awhile back and kept it secret. But then if they knew about the bug, why was nasa.gov vulnerable? I would not expect any .gov domains to be vulnerable unless to create plausible deniability - but this kind of conspiracy logic has no end.
What's critical about nasa.gov? It's just a marketing facade. Not patching it means nothing.
I'm not saying that NSA did/didn't do X. Just that the above about .gov domains is not a valid argument. Intelligence gathering trumps trivial service to citizens.
C is hard. I really think this was just a bug. What _is_ possible though is that the NSA knew about this bug since awhile back and kept it secret. But then if they knew about the bug, why was nasa.gov vulnerable? I would not expect any .gov domains to be vulnerable unless to create plausible deniability - but this kind of conspiracy logic has no end.