General Discussion

WillyT

(72,631 posts) Fri Apr 11, 2014, 07:36 PM Apr 2014

NSA Knew About And 'Exploited' Heartbleed For Years: Bloomberg [View all]

NSA Knew About And 'Exploited' Heartbleed For Years: Bloomberg
The Huffington Post | by Dino Grandoni
Posted: 04/11/2014 3:10 pm EDT Updated: 04/11/2014 5:59 pm EDT

<snip>

The Heartbleed bug just went from bad to worse to truly, utterly terrifying.

The National Security Agency knew of the existence of the catastrophic bug for at least two years and kept it a secret from the public and the cybersecurity community in order to exploit it, according to a bombshell report from Bloomberg News. However, the agency is denying the story.

While it's unclear what the agency was able to do with its knowledge of the exploit, we at least know this: If the report is true, the NSA knew about one of the most dangerous bugs in Internet history, and it did nothing to warn us about it.

"NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private sector cybersecurity report," the Office of the Director of National Intelligence said in a statement to HuffPost. "Reports that say otherwise are wrong." A White House spokesperson also stated that no federal agency was aware of the bug.

First discovered by Google and Codenomicon, a security firm, the Heartbleed bug is a flaw in the encryption used to protect vast number of websites from hackers. The fear is that the bug may expose credit card numbers, passwords and more.

Yahoo, Amazon and many, many other major websites used the free code, called OpenSSL, since encryption software is notoriously difficult to write.

Immediately after news of Heartbleed broke, some suspected that the NSA was exploiting the security lapse to access people's private data. Others saw it coming even before that: The documents leaked by former NSA contractor Edward Snowden indicated that the NSA partnered its British spying equivalent, the GCHQ, to try to crack SSL and other encryption standards that protect the Internet.

<snip>

More: http://www.huffingtonpost.com/2014/04/11/nsa-heartbleed_n_5134813.html

26 replies

= new reply since forum marked as read

Highlight:

NSA Knew About And 'Exploited' Heartbleed For Years: Bloomberg [View all] WillyT Apr 2014 OP

just meta data, doncha know? grasswire Apr 2014 #1

2 For 1 Special, I Suppose... WillyT Apr 2014 #2

we're not being spied on! because the One said so! MisterP Apr 2014 #13

More info BlindTiresias Apr 2014 #3

k and r nt Mojorabbit Apr 2014 #4

They did not write the code RobertEarl Apr 2014 #5

Sorry... WillyT Apr 2014 #7

According to the Bloomberg artilce... idendoit Apr 2014 #6

Prove it is false, because so far the only thing we have is a denial from NSA ... nt MindMover Apr 2014 #8

I'm not the one making the assertion. idendoit Apr 2014 #9

People in the know, YES .... MindMover Apr 2014 #10

Try to emulate your avatar and not worry so much. idendoit Apr 2014 #12

I know, for a FACT, that the NSA was not behind it.... PosterChild Apr 2014 #23

That's EARNED trust. Pholus Apr 2014 #11

Only two choices? idendoit Apr 2014 #14

Yup, the two people are questionable. Pholus Apr 2014 #15

+100 !!! PosterChild Apr 2014 #22

Wow, I feel so much safer...Thanks NSA! Oilwellian Apr 2014 #16

K&R. JDPriestly Apr 2014 #17

NSA steals our property and NSA apologists enable them. There is pragmatic_dem Apr 2014 #18

So everyone will know everything about each and every one of us. mia Apr 2014 #19

who cares? here is who cares pragmatic_dem Apr 2014 #20

Only those looking to control or imprison others dreamnightwind Apr 2014 #21

Every day, and in every way, I feel Safer and Safer! n/t n2doc Apr 2014 #24

I'd have thought the NSA would only be one of dozens of organizations to have taken advantage Blue_Tires Apr 2014 #25

K&R DeSwiss Apr 2014 #26