NSA Knew About Heartbleed, Exploited It for Two Years

As predicted, the huge Internet security vulnerability was used by the NSA. We should not be surprised, but furious

from salon.com: As soon as Heartbleed — the grave and widespread vulnerability which has for two years plagued Internet security — was discovered this week, skeptical and speculating eyes looked to the NSA. Some corners of the crytpography community even wondered if the bug had been purposefully planted at the bidding of spy agencies in the notoriously inscrutable OpenSSL code for mass surveillance purposes.

This was no tinfoil hat theorizing. The NSA may not have caused the critical flaw (thought to be born of human error with complicated cryptogaphy), but they certainly knew about it and exploited it. As Bloomberg News reported  Friday, the NSA “knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.”

Leave a Reply