The Big Think

April 12, 2014

Oh, Good Grief

Filed under: Politics — jasony @ 9:19 am

Report: NSA secretly exploited devastating Heartbleed bug for years (Update: NSA denies) | PCWorld: “This week, it came to light that a small error in the open-source OpenSSL implementation of the SSL encryption protocol opened a gaping hole in the security of hundreds of thousands websites and networking equipment across the Net—and that hole had been wide open and exploitable for years. Passwords could be easily grabbed. User names matching those passwords could be easily grabbed. Heck, userdata could be easily grabbed. The ‘Heartbleed’ moniker attached to the devastating bug seemed all too apt.

And Friday afternoon, Bloomberg reported that the National Security Agency has been aware of and actively exploiting the Heartbleed bug for at least two full years,”

If untrue (and it’s still not proven) then they were as caught off guard as the rest of us. But if this is true, I don’t see how any defenders of the organization can continue to say that they’re only doing good, and legally allowable, operations. Also, if this is true (and I really hope it isn’t) then it represents a fairly alarming watermark for security overreach that breaks about fifty laws.

I wonder which it is?

No Comments »

No comments yet.

RSS feed for comments on this post.

Leave a comment

You must be logged in to post a comment.

Powered by WordPress