Report: NSA Knew About Heartbleed Vulnerability for Years, Used It to Collect Intelligence
Jason O. Gilbert Technology Editor
Apr 11, 2014
Report: NSA Knew About Heartbleed Vulnerability for Years, Used It to Collect Intelligence
The National Security Agency had been aware of the recently discovered Heartbleed vulnerability for more than two years and did nothing to inform consumers, according to a new report from Bloomberg News. Citing anonymous sources, Bloomberg claimed that the NSA exploited Heartbleed — a flaw in common Internet encryption that left passwords and other vital information visible to and obtainable by hackers — to collect intelligence on web surfers.
Bloomberg cited “two people familiar with the matter”; the NSA declined to comment through a spokesperson. Many on Twitter expressed outrage at the report, arguing that the NSA’s silence left Internet users vulnerable to cyber-attacks, despite the agency’s mandate to keep Americans safe.
Researchers with Google and security firm Codenomicon discovered the Heartbleed bug earlier this week, warning that it had existed for more than two years. Since then, many popular affected websites, including Yahoo and Tumblr, have patched the bug and urged visitors to change their passwords to protect themselves.
Also on Friday, the Department of Homeland Security warned banks and other businesses that hackers may try to use the Heartbleed bug to steal critical data.
You can read more about the Heartbleed vulnerability here. And here are our recommendations for the passwords you need to change because of Heartbleed.
UPDATE: The NSA Public Affairs Office Twitter account sent out the following statement, claiming the agency had no knowledge of Heartbleed until it was uncovered this week.
The NSC also released a longer statement, which you can read here, completely disavowing the Bloomberg report, claiming that “[i]f the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have disclosed to the community…”
"It is in the national interest to responsibly disclose the vulnerability rather than to hold it for an investigative or intelligence purpose."
Follow Yahoo Tech on Facebook for all the latest tech news.
Chân thành cám ơn Quý Anh Chị ghé thăm "conbenho Nguyễn Hoài Trang Blog".
Xin được lắng nghe ý kiến chia sẻ của Quý Anh Chị trực tiếp tại Diễn Đàn Paltalk: 1Latdo Tapdoan Vietgian CSVN Phanquoc Bannuoc .
Kính chúc Sức Khỏe Quý Anh Chị .
conbenho
Tiểu Muội quantu
Nguyễn Hoài Trang
12042014
___________
Cộng sản Việt Nam là TỘI ÁC
Bao che, dung dưỡng TỘI ÁC là đồng lõa với TỘI ÁC
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment