sqishy
April 11th, 2014, 06:04 PM
[From Wikipedia http://en.wikipedia.org/wiki/Heartbleed#cite_note-10
"It has been reported that the United States's National Security Agency was aware of the flaw since shortly after its introduction, but chose to keep it secret, instead of reporting it, in order to exploit it for their own purposes." ]
http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html
http://www.theverge.com/2014/4/11/5605444/the-nsa-has-exploited-heartbleed-bug-for-years-bloomberg-reports
http://www.wired.com/2014/04/nsa-heartbleed/
http://mashable.com/2014/04/11/nsa-heartbleed-report/
http://time.com/60082/nsa-heartbleed-bug-denial/
This is why I put 'allegedly' in the title. This could be a blame on the NSA that has no proof or validation. But the NSA either knew about this or it didn't. A possibly 2 year long bug can be found easily by top agencies. The NSA denies they knew anything about CVE-2014-0160 .
(If this story is indeed true, then my opinion on the NSA is very negative. I have never had faith or trust in government agencies like these for good reason, and if this story is true it's more reason for me to not trust them. This is my opinon only and I'm not going to let it get in the way of what I said above, but I am entitled to my opinion.)
"It has been reported that the United States's National Security Agency was aware of the flaw since shortly after its introduction, but chose to keep it secret, instead of reporting it, in order to exploit it for their own purposes." ]
http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html
http://www.theverge.com/2014/4/11/5605444/the-nsa-has-exploited-heartbleed-bug-for-years-bloomberg-reports
http://www.wired.com/2014/04/nsa-heartbleed/
http://mashable.com/2014/04/11/nsa-heartbleed-report/
http://time.com/60082/nsa-heartbleed-bug-denial/
This is why I put 'allegedly' in the title. This could be a blame on the NSA that has no proof or validation. But the NSA either knew about this or it didn't. A possibly 2 year long bug can be found easily by top agencies. The NSA denies they knew anything about CVE-2014-0160 .
(If this story is indeed true, then my opinion on the NSA is very negative. I have never had faith or trust in government agencies like these for good reason, and if this story is true it's more reason for me to not trust them. This is my opinon only and I'm not going to let it get in the way of what I said above, but I am entitled to my opinion.)