You are viewing our Forum Archives. To view or take place in current topics click here.
Nsa denies hearbleed bug
Posted:

Nsa denies hearbleed bugPosted:

TomCruise
  • Resident Elite
Status: Offline
Joined: Mar 21, 201410Year Member
Posts: 201
Reputation Power: 14
Status: Offline
Joined: Mar 21, 201410Year Member
Posts: 201
Reputation Power: 14
[ Register or Signin to view external links. ]

The National Security Agency on Friday denied a report that it has been aware for years of the enormous 'Heartbleed' security flaw affecting millions of websites, but kept the information secret and used it for its own purposes.

Bloomberg, citing unidentified sources, reported Friday that the NSA knew about Heartbleed for two years before the public disclosure of the bug by security researchers last week.

NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report. Reports that say otherwise are wrong," the agency said in a statement to NBC News.

Heartbleed is a flaw in OpenSSL, a piece of code intended to create a secure connection between a server and Web browser for example, between an online shop and customer. The bug allows an attacker to make the server surrender bits of information out of its memory that should not be accessible. What's more, the exploit leaves no trace
By some estimates Heartbleed puts two-thirds of all websites at risk, and the ease of taking advantage of the bug means no site was safe from attack. That means everything from passwords to credit card numbers to closely-guarded industrial secrets might have been leaked over the last few years to hackers. And there's not a lot consumers can do until the sites fix the problem on their end.

The U.S. government on Friday warned banks and other businesses on Friday to be on alert for hackers seeking to steal data exposed by Heartbleed.

The Bloomberg report said the NSA, by exploiting Heartbleed, was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission.

If the reports were true, they would represent a serious breach of the agency's mission.

"Theres no excuse for leaving Americans and U.S. businesses vulnerable to breaches on this scale," said Julian Waits Sr., CEO of ThreatTrack Security. "They should be helping to shore up vulnerabilities, not exploiting them."

NBC News received a second, stronger statement of denial from the National Security Council, a policy-making group chaired by the President.

"The Federal government relies on OpenSSL to protect the privacy of users of government websites and other online services," the statement read in part. "If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL."


let me know what you think

The following 1 user thanked TomCruise for this useful post:

Miss (04-11-2014)
#2. Posted:
OXT
  • TTG Contender
Status: Offline
Joined: Feb 17, 201212Year Member
Posts: 3,514
Reputation Power: 136
Status: Offline
Joined: Feb 17, 201212Year Member
Posts: 3,514
Reputation Power: 136
Nice post bro keep this up.
#3. Posted:
Swift
  • 1000 Thanks
Status: Offline
Joined: Jul 27, 201113Year Member
Posts: 14,536
Reputation Power: 1278
Status: Offline
Joined: Jul 27, 201113Year Member
Posts: 14,536
Reputation Power: 1278
Nothing really surprises me anymore with all this stuff.
Jump to:
You are viewing our Forum Archives. To view or take place in current topics click here.