Printed from http://www.electronista.com

NSA denies using Heartbleed security flaw in intelligence gathering

updated 10:43 am EDT, Sat April 12, 2014

Agency claims it didn't know of flaw until public disclosure

As reports of the severity of the Heartbleed OpenSSL bug have spread, so have the rumors. A report from Bloomberg has claimed that the US National Security Agency exploited the flaw for years. In its own defense, the NSA issued an unusually specific statement saying that not only did it not use the exploit, but it didn't even know about it until news of it went public a few days ago.

According to the report, two sources close to the matter claimed that the NSA found out about the bug in 2012 when the code changes were first committed, and had been using it in secret since then, keeping it under wraps as a matter of national security.

Heartbleed appears in the widely-available OpenSSL version 1.0.1, as well as the beta of 1.0.2, with the former version being used in a large proportion of servers. The effects of the bug are varied and wide-ranging, with ZDNet reporting it as allowing attackers to potentially reveal credit card details in a transaction over HTTPS, normally considered secure.

The severity of the issue potentially allows for the SSL keys to be used to enter a server without leaving any sign of an intrusion. The Heartbleed site dedicated to the bug, created by Codenomicon Defensics, describes Heartbleed as allowing attackers to potentially "eavesdrop on communications, steal data directly from the services and users, and to impersonate services and users."

Apple was unaffected by the bug. Yahoo, Gmail, and Amazon Web Services were all affected by it, which could have been the basis of the initial email surveillance reports leaked by Edward Snowden in 2013. The Bloomberg report suggests that the NSA has a database of exploits similar to Heartbleed hundreds of items long.

The governing body of the NSA, the National Security Council, issued an oddly adamant denial regarding it. In its statement, the council claims that "reports that NSA, or any other part of the government, were aware of the so-called Heartbleed vulnerability before April 2014 are wrong." The statement goes on to say that "if the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL." The NSA does not usually couch its statements or denials in such direct and unequivocal language.



By Electronista Staff

Comments

  1. afaby

    Fresh-Faced Recruit

    Joined: 07-18-05

    Suuuuure. We believe you.

  1. ricardogf

    Fresh-Faced Recruit

    Joined: 01-13-03

    Of course, NSA - we trust every single word you utter 150%...NOT.

  1. iBricking.com

    Fresh-Faced Recruit

    Joined: 12-18-07

    America has destroyed itself, in the name of terrorism.

  1. apostle

    Junior Member

    Joined: 04-16-08

    America. Where the inmates run the asylum. Voting in an election should be a privilege granted the educated and informed. Not a "right" granted every miscreant with a bone to pick.

  1. Mike Wuerthele

    Managing Editor

    Joined: 07-19-12

    Originally Posted by apostle

    America. Where the inmates run the asylum. Voting in an election should be a privilege granted the educated and informed. Not a "right" granted every miscreant with a bone to pick.



    I think it's got more to do with our "sucks less than the other guy" choices we have to make.

  1. DiabloConQueso

    Fresh-Faced Recruit

    Joined: 06-11-08

    "Voting in an election should be a privilege granted the educated and informed. Not a 'right' granted every miscreant with a bone to pick."

    If ever there was a slope, this would be the slipperiest of them.

  1. Flying Meat

    Dedicated MacNNer

    Joined: 01-25-07

    It's a stupid slope too. Having to pass someone's test in order to vote is a simple minded approach to presumably your desired end, an educated and informed public. It couldn't be much less supportive.
    I can tell you for certain that there are tons of educated informed people making the dumbest decisions on a regular basis. ...much like floating this very idea. Your idea doesn't help in any way. Period.
    Maybe you could get some buy in by adding a test for benevolent and moral grounding. I still think it's a stupid idea.
