Sunday, April 13, 2014

The NSA And The Heartbleed Bug

Are any of us surprised to learn that this might have been the case?

From the article "NSA Exploited Heartbleed Bug for Years, Exposing Consumers":
The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.

The agency’s reported decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts. The NSA, after declining to comment on the report, subsequently denied that it was aware of Heartbleed until the vulnerability was made public by a private security report earlier this month.

[...]

Heartbleed appears to be one of the biggest flaws in the Internet’s history, affecting the basic security of as many as two-thirds of the world’s websites. Its discovery and the creation of a fix by researchers five days ago prompted consumers to change their passwords, the Canadian government to suspend electronic tax filing, and computer companies including Cisco Systems Inc. and Juniper Networks Inc. to provide patches for their systems.

Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost. Millions of ordinary users were left vulnerable to attack from other nations’ intelligence arms and criminal hackers....
Read the entire article HERE.  The NSA has denied any malfeasance. Of course.

BTW, my Always On Watch account at AOL has been hacked! AOL was not supposed to have been affected by Heartbleed, so I didn't change my AOW password when I changed all my other passwords on Thursday evening. I've now changed my AOL password.

2 comments:

Unknown said...

I still think Sophos security is right: now that the 'hack' is revealed, the chances of your password being hacked now after you changed it are even greater, as long as the websites don't adapt their 'scripts'.

Last time I was in Europe my Yahoo account was hacked almost every day for two weeks. I changed my password 6 times and finally created another account on another e-mail provider.

Always On Watch said...

Will,
I gave up on Yahoo long ago.

But I've never before had a problem with hacking that involved AOL.