NSA Said to Have Used Heartbleed Bug, Exposing Consumers

[Wilikon]

http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html

[Wilikon]

Proof that, if it knows about that missing plane position thanks to its spy satellites and other means, the NSA will NEVER share that information to save lives.

[cooldgamer]

It gets worse every day...

[Wilikon]

It gets worse every day...

I have spent the last 2 hrs resetting and changing all my passwords on the concerned sites. Here is a list. This should be on every section of bitcointalk.

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

http://mashable.com/search/?t=stories&q=heartbleed

[Equate]

No wonder many critical bugs are still unpatched and being exploited in the wild.

[murraypaul]

No wonder many critical bugs are still unpatched and being exploited in the wild.

How does that make sense?
The NSA discovering a bug but not publicising it leaves the world no different to if the NSA had never found it, or if there had been no NSA.

[cooldgamer]

No wonder many critical bugs are still unpatched and being exploited in the wild.

How does that make sense?
The NSA discovering a bug but not publicising it leaves the world no different to if the NSA had never found it, or if there had been no NSA.

The NSA knew about this 2 years ago... the bug popped up 2 years ago... I don't think it takes a tin foil hat to put them together here

[Wilikon]

No wonder many critical bugs are still unpatched and being exploited in the wild.

How does that make sense?
The NSA discovering a bug but not publicising it leaves the world no different to if the NSA had never found it, or if there had been no NSA.

Supposedly the NSA's mission is about protecting, not just spying on the US citizen. Lots of companies are American paying taxes, taxes helping the NSA's employees. But It needs to spy, not to protect thus making everyone exposed to the bug.

Because it is its nature. We are the frog, NSA is the scorpion on our back.

[murraypaul]

No wonder many critical bugs are still unpatched and being exploited in the wild.

How does that make sense?
The NSA discovering a bug but not publicising it leaves the world no different to if the NSA had never found it, or if there had been no NSA.

The NSA knew about this 2 years ago... the bug popped up 2 years ago... I don't think it takes a tin foil hat to put them together here

That the NSA is much better at finding software vulnerabilities than the open source community?

Plus: You don't know that the NSA knew about it two years ago. You know that a reporter says that two unnamed sources say that the NSA knew about it about two years ago.

[Wipeout2097]

No wonder many critical bugs are still unpatched and being exploited in the wild.

How does that make sense?
The NSA discovering a bug but not publicising it leaves the world no different to if the NSA had never found it, or if there had been no NSA.

The NSA knew about this 2 years ago... the bug popped up 2 years ago... I don't think it takes a tin foil hat to put them together here

That the NSA is much better at finding software vulnerabilities than the open source community?

Of course it is! It's part of the well paid job of thousands of very high grade professionals.

The open source community writes code "for fun". Squashing those last bugs is time consuming and boring.

[harkonnen]

No wonder many critical bugs are still unpatched and being exploited in the wild.

How does that make sense?
The NSA discovering a bug but not publicising it leaves the world no different to if the NSA had never found it, or if there had been no NSA.

The NSA knew about this 2 years ago... the bug popped up 2 years ago... I don't think it takes a tin foil hat to put them together here

That the NSA is much better at finding software vulnerabilities than the open source community?

Of course it is! It's part of the well paid job of thousands of very high grade professionals.

The open source community writes code "for fun". Squashing those last bugs is time consuming and boring.

Code quality tends to be higher when it's fun to code. When you work for the money, have to meet the deadline, have to work on the project you don't really have passion for it degrade overall code quality.
Plus source codes of free software / open source are open. And it's been proven that programmers tend to produce better code with good documentation, and pay more attention to details without derails(work around and hacks). Because people are watching what you've done, you will go back to your work for typos and grammars.

[murraypaul]

And it's been proven that programmers tend to produce better code with good documentation, and pay more attention to details without derails(work around and hacks). Because people are watching what you've done, you will go back to your work for typos and grammars.

As you don't have access to the source code to non-open-source projects to compare, that is really more of an article of faith than actually proven, isn't it?

[Wipeout2097]

No wonder many critical bugs are still unpatched and being exploited in the wild.

How does that make sense?
The NSA discovering a bug but not publicising it leaves the world no different to if the NSA had never found it, or if there had been no NSA.

The NSA knew about this 2 years ago... the bug popped up 2 years ago... I don't think it takes a tin foil hat to put them together here

That the NSA is much better at finding software vulnerabilities than the open source community?

Of course it is! It's part of the well paid job of thousands of very high grade professionals.

The open source community writes code "for fun". Squashing those last bugs is time consuming and boring.

Code quality tends to be higher when it's fun to code. When you work for the money, have to meet the deadline, have to work on the project you don't really have passion for it degrade overall code quality.
Plus source codes of free software / open source are open. And it's been proven that programmers tend to produce better code with good documentation, and pay more attention to details without derails(work around and hacks). Because people are watching what you've done, you will go back to your work for typos and grammars.

Ok, but that has barely anything to do with my point. Note that I'm not saying if NSA is better at writing code than the open source community, or not. The "comparison" is made between NSA hackers/exploiters ability to crack vs OSS developers to plug holes, not OSS vs commercial devs, neither NSA vs Defcon participants. It's somewhat apples and oranges comparison, yes, but that is what I'm replying to.

[zolace]

How do we know there isn't a new security "flaw" or "bug" that will capture you login and password when you change it? and this is NSA way for getting everyone to change their password so they can capture it?

[Wilikon]

No wonder many critical bugs are still unpatched and being exploited in the wild.

How does that make sense?
The NSA discovering a bug but not publicising it leaves the world no different to if the NSA had never found it, or if there had been no NSA.

The NSA knew about this 2 years ago... the bug popped up 2 years ago... I don't think it takes a tin foil hat to put them together here

That the NSA is much better at finding software vulnerabilities than the open source community?

Plus: You don't know that the NSA knew about it two years ago. You know that a reporter says that two unnamed sources say that the NSA knew about it about two years ago.

My game theory, based on evidence, tells me I should not believe the NSA or anyone representing this organization.

https://www.youtube.com/watch?v=4v7YtTnon90

[TheIrishman]

The NSA's Heartbleed problem is the problem with the NSA

http://www.theguardian.com/commentisfree/2014/apr/12/the-nsas-heartbleed-problem-is-the-problem-with-the-nsa

<< What the agency's denial isn't telling you: it didn't even need know about the bug to vacuum your privacy and store it indefinitely. >>

[Wilikon]

The NSA's Heartbleed problem is the problem with the NSA

http://www.theguardian.com/commentisfree/2014/apr/12/the-nsas-heartbleed-problem-is-the-problem-with-the-nsa

<< What the agency's denial isn't telling you: it didn't even need know about the bug to vacuum your privacy and store it indefinitely. >>

Hey! I should write for the Guardian if my English wasn't atrocious. That was the point I was making in post #8

[Wilikon]

No wonder many critical bugs are still unpatched and being exploited in the wild.

How does that make sense?
The NSA discovering a bug but not publicising it leaves the world no different to if the NSA had never found it, or if there had been no NSA.

The NSA knew about this 2 years ago... the bug popped up 2 years ago... I don't think it takes a tin foil hat to put them together here

That the NSA is much better at finding software vulnerabilities than the open source community?

Plus: You don't know that the NSA knew about it two years ago. You know that a reporter says that two unnamed sources say that the NSA knew about it about two years ago.

http://www.nytimes.com/2014/04/13/us/politics/obama-lets-nsa-exploit-some-internet-flaws-officials-say.html


---------------------------------------------------------------------------------------------------------
Obama is such a great dude.