nanog mailing list archives
Fwd: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
From: Rich Kulawiec <rsk () gsp org>
Date: Fri, 11 Apr 2014 15:30:39 -0400
I'm not forwarding this to get into politics. I'm forwarding it because of the impact on operational security. Given the recent "I hunt sysadmins" leak, I think it's not unreasonable to suggest that everyone on this list has probably been targeted because of their privileged access to networks/servers/services/etc. ---rsk ----- Forwarded message from Richard Forno <rforno () infowarrior org> -----
Date: Fri, 11 Apr 2014 15:05:03 -0400 From: Richard Forno <rforno () infowarrior org> To: Infowarrior List <infowarrior () attrition org> Subject: [Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years NSA Said to Have Used Heartbleed Bug, Exposing Consumers By Michael Riley Apr 11, 2014 2:58 PM ET http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said. The NSA's decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government's top computer experts. Heartbleed appears to be one of the biggest glitches in the Internet's history, a flaw in the basic security of as many as two-thirds of the world's websites. Its discovery and the creation of a fix by researchers five days ago prompted consumers to change their passwords, the Canadian government to suspend electronic tax filing and computer companies including Cisco Systems Inc. to Juniper Networks Inc. to provide patches for their systems. Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost. Millions of ordinary users were left vulnerable to attack from other nations' intelligence arms and criminal hackers. Controversial Practice "It flies in the face of the agency's comments that defense comes first," said Jason Healey, director of the cyber statecraft initiative at the Atlantic Council and a former Air Force cyber officer. "They are going to be completely shredded by the computer security community for this."
[snip]
Current thread:
- Fwd: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Rich Kulawiec (Apr 11)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] William Herrin (Apr 11)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Niels Bakker (Apr 11)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Niels Bakker (Apr 11)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Stephen Frost (Apr 11)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Chris Adams (Apr 11)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] William Herrin (Apr 11)
- RE: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Matthew Black (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Donald Eastlake (Apr 14)
- RE: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Matthew Black (Apr 14)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Mike A (Apr 18)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] Niels Bakker (Apr 11)
- Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years] William Herrin (Apr 11)