[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
NSA alleged to have known & used Heartbleed for 2 years
On 4/11/14, 4:26 PM, Gregory Foster wrote:
> Bloomberg (Apr 11) - "NSA Said to Have Used Heartbleed Bug, Exposing
> Consumers":
> http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html
>
>> The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.
> On 4/11/14, 2:33 PM, Gregory Foster wrote:
> Denials:
> https://twitter.com/NSA_PAO/status/454720059156754434
> https://twitter.com/csoghoian/status/454725375332192256
>
> I couldn't find the primary source for the White House NSC statement
> Christopher posted. The "Vulnerabilities Equities Process" used to
> ascertain whether or not to report 0-days sounds FOIA-worthy.
NYT (Apr 12) - "Obama Lets N.S.A. Exploit Some Internet Flaws, Officials
Say" by David @SangerNYT:
http://www.nytimes.com/2014/04/13/us/politics/after-heartbleed-bug-obama-decides-us-should-reveal-internet-security-flaws.html
> Caitlin Hayden, the spokeswoman for the National Security Council, said the review of the recommendations [by a presidential advisory committee] was now complete, and it had resulted in a â??reinvigoratedâ?? process to weigh the value of disclosure when a security flaw is discovered, against the value of keeping the discovery secret for later use by the intelligence community.
>
> â??This process is biased toward responsibly disclosing such vulnerabilities,â?? she said.
gf
--
Gregory Foster || [email protected]
@gregoryfoster <> http://entersection.com/