Bloomberg: NSA knew about, exploited Open Source Heartbleed Bug for years
The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.The NSA’s decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts.
Heartbleed appears to be one of the biggest glitches in the Internet’s history, a flaw in the basic security of as many as two-thirds of the world’s websites. Its discovery and the creation of a fix by researchers five days ago prompted consumers to change their passwords, the Canadian government to suspend electronic tax filing and computer companies including Cisco Systems Inc. to Juniper Networks Inc. to provide patches for their systems.
So the NSA knew about this massive security flaw, one of the biggest in the history of the Internet, and rather than warning about the security vulnerability to all Americans, exploited it, instead.
While I can’t say I’m particularly surprised by this, I can say, I’m infuriated by it.
If it wasn’t before, the NSA has now become a complete joke. What part of “national security” is unclear to the National Security Agency, for chrissakes?!!
* * *For an additional take on the Heartbleed bug as it pertains to electronic and Internet voting systems (For example, how the fact that this huge flaw in open sourcesoftware was not discovered for years, underscoring the fact that open source is little more than a panacea when it comes to the foolhardy use of computers in elections, and how this bug should end all talk of Internet Voting forever) please listen to my rant during this week’s BradCast, beginning approximately at the :31 minute mark.