The NSA has exploited #Heartbleed bug for years, Bloomberg reports
Ashie S Hirji stashed this in Heartbleed
Bloomberg is reporting that the Heartbleed bug, which shocked the web security community this week, has been known and actively exploited by the National Security Agency for at least two years. According to two anonymous sources familiar with the matter, the bug was kept secret in the interest of national security, while the agency used it to obtain passwords and other data. Since the bug was first committed in 2012, the report suggests the NSA discovered the bug and maintained access for nearly the entire lifespan of Heartbleed.
“If the NSA knows about a vulnerability, then often other nation states and even criminal organizations can exploit the same security vulnerability,” said Harley Geiger, senior counsel for the Center for Democracy & Technology in Washington. “What may be a good tool for the NSA may also turn out to be a tool for organizations that are less ethical or have no ethics at all.”