Were Intelligence Agencies Using Heartbleed during 2013?

Were Intelligence Agencies Using Heartbleed during 2013?

Yesterday afternoon, Ars Technica published a story reporting two possible logs of Heartbleed attacks occurring in the wild, months before Monday’s public disclosure of the vulnerability. It would be very bad news if these stories were true, indicating that blackhats and/or intelligence agencies may have had a long period when they knew about the attack and could use it at their leisure.

Categories Me

If this bug has been previously found (but not disclosed) by government run security agencies then the…

If this bug has been previously found (but not disclosed) by government run security agencies then the last two years worth of encrypted traffic should be deemed as exposed.

A serious security bug has been found in the ubiquitous OpenSSL encryption library that allows data to be stolen in its unencrypted form. According to the heartbleed.com website, which was set up expressly to inform system admins about the potential dangers, the Heartbleed bug can be exploited …

Categories Me

“We trusted the NSA because they are charged with security for the U.S. government and U.S. critical…

“We trusted the NSA because they are charged with security for the U.S. government and U.S. critical infrastructure," said RSA Chief Technologist Sam Curry.

According to research performed by a group of professors from Johns Hopkins, the University of Wisconsin and the University of Illinois, the security company RSA used a second security tool developed by the NSA which reduced the time needed to crack secure Internet communications.

Categories Me