NSA Denies Exploiting 'Heartbleed' Vulnerability

The Internet is currently filled with news, posts and queries about the "Heartbleed" vulnerability, which was discovered two days ago by the security firm Codenomicon along with Neel Mehta, a Google security engineer. This vulnerability is one of the biggest security issues in the history of Internet security, simply because almost three-fourths of websites were vulnerable to the bug. Internet giants like Google, Facebook, Yahoo and so on were affected by this security loophole.

After this, a new report came out from Bloomberg, which claims that the US National Security Agency has been exploiting Heartbleed for at least two years.

Initially, an NSA spokesman declined to comment on the Bloomberg report, but some time later NSA Public Affairs posted a tweet on the issue. In the tweet they denied exploiting the Heartbleed bug.
Additionally, there is not much evidence proving that the NSA was aware of this vulnerability. OpenSSL would, however, have been one of the agency’s primary targets because of its broad reach and the sensitive information it protects. Intelligence agencies are said to hunt for and even purchase software bugs that can be used in their efforts.

Moreover, the National Security Council has also issued a denial, which states the following:
Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong. The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report. The Federal government relies on OpenSSL to protect the privacy of users of government websites and other online services. This Administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable Internet. If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.
When Federal agencies discover a new vulnerability in commercial and open source software – a so-called “Zero day” vulnerability because the developers of the vulnerable software have had zero days to fix it – it is in the national interest to responsibly disclose the vulnerability rather than to hold it for an investigative or intelligence purpose.
In response to the recommendations of the President’s Review Group on Intelligence and Communications Technologies, the White House has reviewed its policies in this area and reinvigorated an interagency process for deciding when to share vulnerabilities. This process is called the Vulnerabilities Equities Process. Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities.

If it turns out to be true that the NSA was aware of this major Internet vulnerability, you can imagine how much data it could have collected.

Regarding surveillance programs, in December 2013 Facebook, Google and other firms in the industry launched Reform Government Surveillance, which set out principles advocating more transparency and reform of surveillance laws and practices around the world.