Link: NSA Reportedly Exploited Heartbleed for Years ☍

Shared on April 11, 2014

Michael Riley for Bloomberg (via Stephen Hackett):

The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.

The NSA’s decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts.

If this is true (the NSA denies it), I really hope this is the tipping point for taking the NSA to task on the sneaky surveillance of Americans. Although this might have served them for spying, it also left these sites open for attack, and ended up not protecting Americans, the whole point of the NSA and other government security organizations.

I was trying to sum this up for someone and basically used the analogy of knowing that your neighbor’s garage had a faulty lock, and rather than letting them know, you used it for your own benefit (let’s say borrowing items). In addition, by not telling them, anyone else would have access. How is this okay?

Snippets are special posts that share a linked item with a bit of commentary.