Page 1 of 3 123 LastLast
Results 1 to 10 of 26

Thread: NSA Said to Have Used Heartbleed Bug, Exposing Consumers

  1. #1
    Join Date
    May 2012
    Location
    Finland
    Posts
    2,206

    Default NSA Said to Have Used Heartbleed Bug, Exposing Consumers

    NSA Said to Have Used Heartbleed Bug, Exposing Consumers

    The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.

    The NSA’s decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts.
    Heartbleed appears to be one of the biggest glitches in the Internet’s history, a flaw in the basic security of as many as two-thirds of the world’s websites. Its discovery and the creation of a fix by researchers five days ago prompted consumers to change their passwords, the Canadian government to suspend electronic tax filing and computer companies including Cisco Systems Inc. to Juniper Networks Inc. to provide patches for their systems.

    Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost. Millions of ordinary users were left vulnerable to attack from other nations’ intelligence arms and criminal hackers.
    Source: Bloomberg
    .: miuku @ #opensuse @ irc.libera.chat

  2. #2

    Default Re: NSA Said to Have Used Heartbleed Bug, Exposing Consumers

    More hype for the masses.

  3. #3
    Join Date
    Jun 2008
    Location
    UK
    Posts
    5,500

    Default Re: NSA Said to Have Used Heartbleed Bug, Exposing Consumers

    Quote Originally Posted by Miuku View Post
    Source: Bloomberg
    Posting the quote here in Soabbox without offering any opinion might be seen as the act of an "agent provocateur". Perhaps the idea crossed your mind that the NSA might have fixed the bug.
    Leap 42.3 (ext4, KDE Plasma 5.8.7) ~ stable
    Manjaro (ext4, Xfce) ~ rolling updates
    Tumbleweed (ext4, KDE Plasma5) ~ managed updates via "Tumbleweed Snapshots" service.

  4. #4
    Join Date
    May 2012
    Location
    Finland
    Posts
    2,206

    Default Re: NSA Said to Have Used Heartbleed Bug, Exposing Consumers

    Quote Originally Posted by consused View Post
    Posting the quote here in Soabbox without offering any opinion might be seen as the act of an "agent provocateur". Perhaps the idea crossed your mind that the NSA might have fixed the bug.
    Well this is nice, I posted something long here but the forums bugged out and decided to erase it all and returned me to an empty page with nothing in it.

    In short; NSA knew about it for years as did most certainly other agencies and worst of all - criminals.
    .: miuku @ #opensuse @ irc.libera.chat

  5. #5
    Join Date
    Jun 2008
    Location
    UK
    Posts
    5,500

    Default Re: NSA Said to Have Used Heartbleed Bug, Exposing Consumers

    Quote Originally Posted by Miuku View Post
    Well this is nice, I posted something long here but the forums bugged out and decided to erase it all and returned me to an empty page with nothing in it.
    Very annoying when it happens, and unlucky. I've had that. The only way to avoid totally is to compose off line and copy into post. Sometimes for longer posts I copy to clipboard, and sometimes that persists across the failure, and copied into a new post. It can be the case if one starts afresh, the paraphrased version is briefer and more to the point.

    In short; NSA knew about it for years as did most certainly other agencies and worst of all - criminals.
    Criminals will exploit any loophole. Here the Police Service is supposed to protect the public from criminal activity, but they are unlikely IMO to uncover exploitable software components. It would have to be a really, really serious crime to justify the forensic work involved. I don't think the NSA or security services generally are in place to protect us in that way. Where were all the so-called professional security hackers and expert companies?

    Surely, the responsibility lies with the owning software project and the coders. They unwittingly gifted the NSA and others with a useful tool as an advantage over their enemies or at least equivalence in capability.
    Leap 42.3 (ext4, KDE Plasma 5.8.7) ~ stable
    Manjaro (ext4, Xfce) ~ rolling updates
    Tumbleweed (ext4, KDE Plasma5) ~ managed updates via "Tumbleweed Snapshots" service.

  6. #6

    Default Re: NSA Said to Have Used Heartbleed Bug, Exposing Consumers

    Miuku wrote:

    > Well this is nice, I posted something long here but the forums bugged
    > out and decided to erase it all and returned me to an empty page with
    > nothing in it.
    >


    Another plus for NNTP and the "sent" folder ;-)

    --
    Will Honea


  7. #7
    Join Date
    May 2012
    Location
    Finland
    Posts
    2,206

    Default Re: NSA Said to Have Used Heartbleed Bug, Exposing Consumers

    Quote Originally Posted by whonea View Post
    Another plus for NNTP and the "sent" folder ;-)
    Too clunky, old fashioned, not to my taste.

    Plus it's a problem with this forum and nowhere else. This is the only forum I have ever ran into this issue anywhere on the web and trust me, I post _a lot_.
    .: miuku @ #opensuse @ irc.libera.chat

  8. #8
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    23,874
    Blog Entries
    1

    Default Re: NSA Said to Have Used Heartbleed Bug, Exposing Consumers

    Quote Originally Posted by Miuku View Post
    Too clunky, old fashioned, not to my taste.

    Plus it's a problem with this forum and nowhere else. This is the only forum I have ever ran into this issue anywhere on the web and trust me, I post _a lot_.
    I tend to copy/paste for exactly these occaisions (which happen every now and again). In fact, I do this for any web-based input, where I value what I've typed and don't wnat to have to recreate it for any reason.

    BTW, my views on NNTP are the same as yours!

  9. #9

    Default Re: NSA Said to Have Used Heartbleed Bug, Exposing Consumers

    Big freaking surprise. State intelligence agencies are not the Charitable Sisters of the Holy Cross, they are people specialised in dirty tricks to further their employers' (i.e. the State they work for) power and knowledge. Anything is fair game as long as it's not in the open. We the people have a right to be kept innocently unaware of that and go on with our daily lives in the most honorable way.

  10. #10
    Join Date
    Jun 2008
    Location
    UK
    Posts
    5,500

    Default Re: NSA Said to Have Used Heartbleed Bug, Exposing Consumers

    Quote Originally Posted by Karmovorotin View Post
    Anything is fair game as long as it's not in the open. We the people have a right to be kept innocently unaware of that and go on with our daily lives in the most honorable way.
    The "Three Wise Monkeys" approach to civilization.

    It tends to backfire when a State faces a free Press and the "anything" appears in the public domain. It can also lead to international sanctions and adversely affect a State's economy. That tends to set some moral limits, but I wouldn't want to get into any specific examples here on the forum (i.e. politics, beliefs, etc not being allowed).
    Leap 42.3 (ext4, KDE Plasma 5.8.7) ~ stable
    Manjaro (ext4, Xfce) ~ rolling updates
    Tumbleweed (ext4, KDE Plasma5) ~ managed updates via "Tumbleweed Snapshots" service.

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •