Linked by Thom Holwerda on Fri 11th Apr 2014 20:21 UTC
Privacy, Security, Encryption

The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.

The NSA's decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts.

I'm so surprised.

Update: NSA denies.

RE: I don't think so...
by bassbeast on Sat 12th Apr 2014 22:03 UTC in reply to "I don't think so..."

Not to mention the NSA has backdoor access to the trunks, which we know thanks to the AT&T whistleblower. The NSA using Heartbleed would be about as pointless as someone who drives a tank through your house going back to then pick the lock on the door; it would be pointless and frankly waste more time than is required.

Score: 2

RE[2]: I don't think so...
by umccullough on Sun 13th Apr 2014 17:06 in reply to "RE: I don't think so..."

> it would be pointless and frankly waste more time than is required.

You may be unfamiliar with how SSL works.

Assuming the NSA is logging all encrypted traffic (which they claim they do - and are storing indefinitely), then they could potentially go back and decrypt the traffic after the fact if they are able to obtain the server's private key (which Heartbleed was proven to reveal in some circumstances).

This encrypted data would otherwise be hidden from their view, no matter how many taps they have on the trunks.

There are some mitigation mechanisms that help prevent such retrospective decryption, such as Forward Secrecy - but not all servers enable this feature by default, and not all browsers support it.

Score: 6
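The retrospective-decryption point in the comment above, as an added toy model that is not part of the original thread and is not real TLS: a recorded session that used RSA key transport opens once the server's long-term private key is known, while a recorded ephemeral Diffie-Hellman session does not. All function names, numeric parameters and the sample message are constructed for illustration.

```python
import hashlib
import secrets

# Toy long-term RSA key of the server (constructed from two Mersenne primes;
# far too small for real use, and not real TLS).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # long-term private exponent
DH_P, DH_G = 2**127 - 1, 3                 # toy Diffie-Hellman group (constructed)

def stream_xor(secret: int, data: bytes) -> bytes:
    """Stand-in for the record cipher: XOR with a SHA-256 keystream."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(f"{secret}:{counter}".encode()).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def rsa_session(plaintext: bytes) -> dict:
    """RSA key transport: the session secret travels encrypted to the long-term key."""
    premaster = secrets.randbelow(N - 2) + 2
    return {"enc_premaster": pow(premaster, E, N),
            "ciphertext": stream_xor(premaster, plaintext)}

def dhe_session(plaintext: bytes) -> dict:
    """Ephemeral DH: the long-term key only signs; exponents a, b are thrown away."""
    a = secrets.randbelow(DH_P - 3) + 2    # client ephemeral secret
    b = secrets.randbelow(DH_P - 3) + 2    # server ephemeral secret
    client_pub, server_pub = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    shared = pow(client_pub, b, DH_P)
    assert shared == pow(server_pub, a, DH_P)   # both sides derive the same secret
    digest = int.from_bytes(hashlib.sha256(str(server_pub).encode()).digest(), "big") % N
    return {"client_pub": client_pub, "server_pub": server_pub,
            "signature": pow(digest, D, N),      # authentication only
            "ciphertext": stream_xor(shared, plaintext)}

def decrypt_recorded(capture: dict, leaked_d: int):
    """What a recorded capture yields once the long-term private key is known."""
    if "enc_premaster" in capture:
        premaster = pow(capture["enc_premaster"], leaked_d, N)
        return stream_xor(premaster, capture["ciphertext"])
    # DHE capture: nothing on the wire was encrypted to the long-term key, and
    # recovering a or b from the public values is the discrete-log problem.
    return None
```

In the ephemeral case the long-term key appears only in the signature, so rotating a possibly exposed key protects future sessions without past captures having been at risk.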