Drop Down MenusCSS Drop Down MenuPure CSS Dropdown Menu
Alternative Text Alternative Text Alternative Text Alternative Text
Survivor of US Drone Attack:
Obama Belongs on List of World's Tyrants

Poisoning Black Cities: Corporate Campaign to Ethnically Cleanse US Cities Massive Marches in Poland
Against Authoritarian Threat of Far-Right
Ethiopia’s Invisible Crisis: Land Rights Activists Kidnapped and Tortured

Global Perspectives Now Global Perspectives Now

The NSA Knew About and Exploited the Heartbleed Bug for ‘at Least Two Years’ — The Bug Crippled Internet Security: Did the NSA Invent the Bug?

"NSA Eagle" (Illustration by EFF)
"NSA Eagle" (Illustration by EFF)
By
When I wrote about the Heartbleed bug last week, and how it means that much of the web has been insecure for the last two years, I found myself thinking: “if I was the NSA, or some other intelligence agency, this is exactly how I would go about gathering sensitive data.” It’s very nearly the perfect hack: Subvert a piece of open-source code that almost everyone uses without question, and then use that vulnerability to extract sensitive information until it’s publicly discovered — at which point, you create or find another security hole in another open-source project, rinse, repeat. Now, according to Bloomberg, citing two people familiar with the matter, it appears the NSA did just that.

According to Bloomberg, the USA’s National Security Agency knew about the Heartbleed bug “for at least two years.” Robin Seggelmann, who introduced the bug around two years ago, claims he did so unintentionally. It’s entirely possible that he’s telling the truth — but it’s also possible that the NSA paid him to create the bug, or more nefariously, hacked his computer and introduced the bug without his knowledge.

Read More

No comments:

Related Posts Plugin for WordPress, Blogger...