Linked by Thom Holwerda on Fri 11th Apr 2014 20:21 UTC
Privacy, Security, Encryption

The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.

The NSA's decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts.

I'm so surprised.

Update: NSA denies.

Thread beginning with comment 586951
To read all comments associated with this story, please click here.
Yeah, Right.
by reduz on Sat 12th Apr 2014 02:32 UTC
reduz
Member since:
2006-02-25

"When Federal agencies discover a new vulnerability in commercial and open source software – a so-called “Zero day” vulnerability because the developers of the vulnerable software have had zero days to fix it – it is in the national interest to responsibly disclose the vulnerability rather than to hold it for an investigative or intelligence purpose."

Then from Wikipedia:

"Stuxnet attacked Windows systems using an unprecedented four zero-day attacks (plus the CPLINK vulnerability and a vulnerability used by the Conficker worm[43])"

Edited 2014-04-12 02:32 UTC

Reply Score: 5