Friday, April 11, 2014

NSA Has Known About, Used Heartbleed Bug For Years

Via the same Steven D post linked below, we learn from Bloomberg, which has two unnamed sources, that the NSA has been using the Heartbleed bug for a couple of years to gather "critical intelligence."

The NSA of course denies doing any such damned thing. Of course, loyal Muricans should always believe what they say. Yeah, right.

So the NSA's notion of patriotism when it finds a major vulnerability affecting many of the large internet services and their customers is to a) keep a lid on it, and b) exploit it.

I can't tell you what I think should be done with the NSA, but it may involve a corkscrew...


  1. This is one of those things where, when we saw this headline at work today, everybody looked at it and said "How surprising." (As in, not).

    So now it's fixed. But never fear, I'm sure they introduced a *new* "bug" into OpenSSL while fixing the "old" bug. Sigh.

    1. 'Tux, I am old enough to remember when a bug was an unintentional flaw in the code. I am not quite old enough to have watched Amazing Grace's group scotch-tape the original bug (which was in fact a bug, which had crawled into a relay and fouled it) into the log book... but I'm almost that old. And I never thought I'd live to see the day when an American intelligence agency would premeditatedly foul the works of hardware and/or software on which both the American military and the American business community utterly depend. There's something not quite right... I don't mean morally, but practically... in the American government willfully, knowingly fucking over the American computing community.



• Click here to view existing comments.
• Or enter your new rhyme or reason
in the new comment box here.
• Or click the first Reply link below an existing
comment or reply and type in the
new reply box provided.
• Scrolling manually up and down the page
is also OK.

Static Pages (About, Quotes, etc.)

No Police Like H•lmes