AbsolutePunk.net
   Username
Password
 
Politics News
Have a news tip? Submit news.

Report: NSA Knew About and Exploited Heartbleed Bug

Posted by - 02:58 PM on 04/11/14
Bloomberg is reporting that the NSA not only knew about the Heartbleed bug, but that they exploited it for at least two years. This is my reminder to you that you should be using unique passwords with all your online accounts (I recommend a password manager like 1Password).
The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said. The NSA’s decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts.
 
Displaying posts 1 - 15 of 36
02:59 PM on 04/11/14
#2
Jason Tate
Online
User Info.
Jason Tate's Avatar
Also, if you like talking about tech / news / etc. -- check out the new Technology forum.
03:06 PM on 04/11/14
#3
BrucexLee
Registered User
Offline
User Info.
No Avatar Selected
Thank you Big Brother.
03:23 PM on 04/11/14
#4
Sanzen
Ricocheting
Offline
User Info.
Sanzen's Avatar
Good guy NSA.

Protecting the interests of Americans by allowing and abusing harmful security exploits.
03:28 PM on 04/11/14
#5
botDs-r
www.twitter.com/shawnhyphenray
Offline
User Info.
botDs-r's Avatar
$25??
03:36 PM on 04/11/14
#6
kianacarly
I'm living it, leaving it to change
Offline
User Info.
kianacarly's Avatar
This whole thing made me realize that I didn't even knnow most of my passwords oop
03:39 PM on 04/11/14
#7
Jason Tate
Online
User Info.
Jason Tate's Avatar
Should have mentioned it's half-off right now. A steal for great software.
03:54 PM on 04/11/14
#8
Symphonicaxiom
Tell me it's you or nothing at all
Online
User Info.
Symphonicaxiom's Avatar
Unique passwords wouldn't do any good in this case, but it's a good suggestion moving forward after everything gets fixed.
04:00 PM on 04/11/14
#9
SmeezyBeezy
DahBuhDeezy
Offline
User Info.
SmeezyBeezy's Avatar
We're fucked.
04:01 PM on 04/11/14
woominlee2
Always a student of life.
Offline
User Info.
woominlee2's Avatar
Where is Eric Snowden?
04:01 PM on 04/11/14
Amongster
Take A Deep Breath
Offline
User Info.
Amongster's Avatar
Good ol' NSA.

T_T
04:03 PM on 04/11/14
Jason Tate
Online
User Info.
Jason Tate's Avatar
Unique passwords wouldn't do any good in this case, but it's a good suggestion moving forward after everything gets fixed.
Sure they would: Having a unique password means if one site (say, Yahoo) is compromised all your sites/data (say: your bank) are not.
04:12 PM on 04/11/14
Symphonicaxiom
Tell me it's you or nothing at all
Online
User Info.
Symphonicaxiom's Avatar
Sure they would: Having a unique password means if one site (say, Yahoo) is compromised all your sites/data (say: your bank) are not.
Technically true, but an attacker who compromises your credit card info in this case could specifically target your identity on every site that uses OpenSSL with the same ease. Once you're targeted, unique passwords wouldn't do anything. And you have no idea whether or not your identity across multiple sites is now part of some repository.
04:16 PM on 04/11/14
suicidalmoose
Lindsay let me kiss your forehead!
Offline
User Info.
suicidalmoose's Avatar
It's all good, they're protecting us, guys.
04:17 PM on 04/11/14
Jason Tate
Online
User Info.
Jason Tate's Avatar
Technically true, but an attacker who compromises your credit card info in this case could specifically target your identity on every site that uses OpenSSL with the same ease. Once you're targeted, unique passwords wouldn't do anything. And you have no idea whether or not your identity across multiple sites is now part of some repository.
That's not how this bug would really work in practice, targeting in that manner would be very difficult, assuming the other entity also was impacted. However, if it wasn't affected, a uniqque password would 100% protect you vs using the same password - which would not.

NEWS, MUSIC & MORE
Search News
Release Dates
Exclusives
Best New Music
Articles
CONNECT
Submit News
Forums
Contests
Mobile Version
AP.net Logos
HIDDEN TREASURES
AbsolutePunk Podcast
Free Music
Sports Forum
Technology Forum
Recommendations
INFORMATION
Advertising
Contact Us
Copyright Policy
Terms of Service
Privacy Policy
FOLLOW
Twitter | Facebook | RSS
PropertyOfZack
UnderTheGun
Purevolume
Chorus.fm | @jason_tate