Bitch-Slapping Statists For Fun & Profit Based On The Non-Aggression Principle
HomePortalGalleryRegisterLog in

 NSA exploited Heartbleed for two years claim insiders

View previous topic View next topic Go down 


Female Location : Ether-Sphere
Job/hobbies : Irrationality Exterminator
Humor : Über Serious

NSA exploited Heartbleed for two years claim insiders  Vide
PostSubject: NSA exploited Heartbleed for two years claim insiders    NSA exploited Heartbleed for two years claim insiders  Icon_minitimeSat Apr 12, 2014 8:15 pm

The NSA has not only known about the Heartbleed bug for at least two years, but exploited it in regular surveillance attacks, insider sources have alleged, opting to keep the security flaw a secret because of its value to intelligence gathering. Heartbleed, which has forced companies big and small to update the security of their sites after a flaw in the SSL believed to be keeping users' details safe, has prompted a mass change in passwords over the past week.

NSA exploited Heartbleed for two years claim insiders  Heartbleed1-820x420

That flaw could have been identified and patched years ago, Bloomberg sources claim, but instead the US National Security Agency opted to keep details of the exploit to itself.

Insight on exactly how the NSA supposedly used Heartbleed is scant, with only two "familiar with the matter" piping up. However, possibilities include grabbing user passwords and other information, and thus being able to spy on web use.

The NSA has declined to comment on whether it knew about, or used, the exploit. However, debate over whether the surveillance agency was right to stockpile its backdoor access or should have stepped forward to identify it is already underway.

On the one hand, by opting to keep Heartbleed secret, the NSA has left millions of internet users - a sizable proportion of them the American citizens its mission is to protect - at risk of hacks. According to one source, the NSA's team of over 1,000 experts spotted the bug's potential "shortly after its introduction."

Heartbleed was then added to the NSA's core toolkit of data acquisition tools, it's said.

The other side of the argument is that identifying and utilizing exploits is a key aspect of the NSA's role, even given that role's classification as "defense", and that critics of the agency's behavior are mistakenly assigning it responsibilities actually held by different government divisions.

US-CERT, for instance - the United States Computer Emergency Readiness Team - has "responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world" as its remit.

Either way, Heartbleed is out in the open now, with dozens of sites announcing that they have patched the flaw over the past few days. Fixing your own internet security is also straightforward, though how many will actually change their passwords and follow the general good-practice advice remains to be seen.
Anarcho-Capitalist, AnCaps Forum, Ancapolis, The Dark Side, OZschwitz Contraband
“The state calls its own violence law, but that of the individual, crime.”-- Max Stirner
"Remember: Evil exists because good men don't kill the government officials committing it." -- Kurt Hofmann
Back to top Go down

NSA exploited Heartbleed for two years claim insiders

View previous topic View next topic Back to top 
Page 1 of 1

Permissions in this forum:You cannot reply to topics in this forum
 :: Anarcho-Capitalist Categorical Imperatives :: AnCaps In Science, Technology & Environment-