NSA denies exploiting Heartbleed security flaw

j4ck455

Executive Member
Joined
Jan 2, 2006
Messages
6,469
[highlight]The report said the secretive intelligence agency has more than 1,000 experts devoted to ferreting out these kinds of flaws[/highlight] and found the Heartbleed glitch shortly after its introduction.

The agency then made it part of its “toolkit for stealing account passwords and other common tasks,” the report said.

The flat-out denial from the NSA and The White House of any prior Heartbleed knowledge and exploitation, is to be expected, and they would only be saying different if a whistle-blower could prove that they had exploited Heartbleed.

It's inconceivable that the NSA has not studied all versions of OpenSSL from every angle to find vulnerabilities, the NSA had to have known about Heartbleed and must surely have exploited it.

I'm more concerned about the Black Hats out there that probably also knew about the Heartbleed vulnerability and exploited it for criminal activities.

The history surrounding how this vulnerability was introduced (it wasn't in older versions of OpenSSL) needs some serious investigation.

I doubt that Heartbleed is a bug and I suspect that it was most likely deliberately introduced.
 

w1z4rd

Karmic Sangoma
Joined
Jan 17, 2005
Messages
48,401
The flat-out denial from the NSA and The White House of any prior Heartbleed knowledge and exploitation, is to be expected, and they would only be saying different if a whistle-blower could prove that they had exploited Heartbleed.

It's inconceivable that the NSA has not studied all versions of OpenSSL from every angle to find vulnerabilities, the NSA had to have known about Heartbleed and must surely have exploited it.

I'm more concerned about the Black Hats out there that probably also knew about the Heartbleed vulnerability and exploited it for criminal activities.

The history surrounding how this vulnerability was introduced (it wasn't in older versions of OpenSSL) needs some serious investigation.

I doubt that Heartbleed is a bug and I suspect that it was most likely deliberately introduced.

You are basically describing the role of intelligence in all functional government.
 

j4ck455

Executive Member
Joined
Jan 2, 2006
Messages
6,469
You are basically describing the role of intelligence in all functional government.

:confused:

Are you implying that SA's State Security Agency and dysfunctional government are too busy spying on SABC reporters to have studied OpenSSL and made use of Heartbleed?
 

w1z4rd

Karmic Sangoma
Joined
Jan 17, 2005
Messages
48,401
:confused:

Are you implying that SA's State Security Agency and dysfunctional government are too busy spying on SABC reporters to have studied OpenSSL and made use of Heartbleed?

:wtf: My words are what I said, your implications are your own.
 

j4ck455

Executive Member
Joined
Jan 2, 2006
Messages
6,469

That was also my reaction to your previous post which seemed to have nothing to do with about 50%+ of my original post that you quoted in its entirety.

I didn't disagree with your previous post: the role, motives and behaviours of intelligence agencies is common knowledge.
 

w1z4rd

Karmic Sangoma
Joined
Jan 17, 2005
Messages
48,401
That was also my reaction to your previous post which seemed to have nothing to do with about 50%+ of my original post that you quoted in its entirety.

I didn't disagree with your previous post: the role, motives and behaviours of intelligence agencies is common knowledge.

:wtf:
 
Top