NSA alleged to have known & used Heartbleed for 2 years
Gregory Foster
gfoster at entersection.org
Fri Apr 11 14:26:35 PDT 2014
On 4/11/14, 2:33 PM, Gregory Foster wrote:
> Bloomberg (Apr 11) - "NSA Said to Have Used Heartbleed Bug, Exposing
> Consumers":
> http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html
>
>> The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.
Denials:
https://twitter.com/NSA_PAO/status/454720059156754434
https://twitter.com/csoghoian/status/454725375332192256
I couldn't find the primary source for the White House NSC statement
Christopher posted. The "Vulnerabilities Equities Process" used to
ascertain whether or not to report 0-days sounds FOIA-worthy.
gf
--
Gregory Foster || gfoster at entersection.org
@gregoryfoster <> http://entersection.com/
More information about the cypherpunks
mailing list