Heartbleed: A look at which companies have issued a security patch to fix the Heartbleed bug.
Were Intelligence Agencies Using Heartbleed during 2013?
Yesterday afternoon, Ars Technica published a story reporting two possible logs of Heartbleed attacks occurring in the wild, months before Monday’s public disclosure of the vulnerability. It would be very bad news if these stories were true, indicating that blackhats and/or intelligence agencies may have had a long period when they knew about the attack and could use it at their leisure.
If this bug has been previously found (but not disclosed) by government run security agencies then the last two years worth of encrypted traffic should be deemed as exposed.
A serious security bug has been found in the ubiquitous OpenSSL encryption library that allows data to be stolen in its unencrypted form. According to the heartbleed.com website, which was set up expressly to inform system admins about the potential dangers, the Heartbleed bug can be exploited …
$ mkdir "MC_Hammer"
$ chmod 000 "MC_Hammer"
Can't touch this.
Instantly connect to what’s most important to you. Follow your friends, experts, favorite celebrities, and breaking news.
Almost every organization needs to copy files securely over the Internet, keeping the contents encrypted so they remain unreadable by third parties.
“We trusted the NSA because they are charged with security for the U.S. government and U.S. critical infrastructure," said RSA Chief Technologist Sam Curry.
According to research performed by a group of professors from Johns Hopkins, the University of Wisconsin and the University of Illinois, the security company RSA used a second security tool developed by the NSA which reduced the time needed to crack secure Internet communications.