The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.Part of the NSA's supposed mission is to promote American cyber-security. The NSA says that they weren't aware of Heartbleed until the press reports surfaced.
Which means that if the NSA wasn't turning a blind eye to one of the most serious security flaws in recent history (because it suited them to do so), then they're fucking incompetent.
Commence firing.
Heartbleed was difficult for regular hackers to exploit, since it required a man-in-the-middle attack where a server was interposed between you and the target server i.e. physical access to the infrastructure of the Internet, but made to order for the NSA (which has such physical access). If you're not suspicious about the NSA having something to do with the "bug", you should be...
ReplyDeleteYeah, right... 'SURE" they didn't know...
ReplyDeleteHmm.. post didn't take.
ReplyDeleteHere's your "John Stewart Moment of Zen (but not actually from him)" for today:
"...said Harley Geiger, senior counsel for the Center for Democracy & Technology in Washington.
“What may be a good tool for the NSA may also turn out to be a tool for organizations that are less ethical or have no ethics at all.”
Yes, Rakhuvar, that was a point we made when we defeated Clinton's "Clipper Chip" spy technology back in the 1990's by proving that it could be exploited by "bad guys" as well as by the "good guys". Sadly, Washington has the institutional memory of a gnat.
ReplyDelete