Since this entry was published, the NSA has denied knowing the Heartbleed flaw existed. Their adherence to the truth has been less than exemplary in the past. Let’s let this play out. – Geoff
You’ve probably heard about the Heartbleed bug by now. It’s a flaw introduced to SSL (Secure Sockets Layer); a mistake made as code was updated.
Simply put, Internet data transmissions we thought were secure were not. Things like passwords, financial information, anything private were easily cracked.
The bug languished mostly unknown for years. That’s called security by obscurity. Never a good idea. We’re seeing that now.
As far as I can tell Heartbleed’s never been exploited for nefarious commercial purposes. It has that potential. However, it has been exploited by our government’s spies!
The NSA knew Heartbleed existed. They had a choice, tell the maintainers of the code to fix it or exploit it themselves and leave us vulnerable. They chose the latter.
Now, because the NSA felt their ability to soak up data trumped our collective security, Heartbleed is a big deal! Leaving this security hole open for years is reprehensible.
More and more it seems America’s intelligence agencies, beginning with the NSA, are out of control. They have lost sight of their actual mission: protecting us. Instead we are more vulnerable and our international partners know we can’t be trusted with their precious secrets.
This story was broken by Michael Riley at Bloomberg News.
“It flies in the face of the agency’s comments that defense comes first,” said Jason Healey, director of the cyber statecraft initiative at the Atlantic Council and a former Air Force cyber officer. “They are going to be completely shredded by the computer security community for this.”
It’s time we have a come-to-Jesus meeting with our spies. Is everyone in Washington that scared of them?