The US National Security Agency reportedly took advantage of the vulnerability that has come to be known as Heartbleed long before it was made public.
The NSA used Heartbleed "to gather critical intelligence," Bloomberg reports.
The site says two "people familiar with the matter" revealed to it that the NSA not only knew about Heartbleed for "years," but exploited it as well.
Allegedly the agency kept the exploit secret, endangering the online security of millions of people, so that it could continue using it.
He who denied it
The oft-assailed NSA has actually bothered to issue a statement over this, tweeting that it learned of Heartbleed at the same time everyone else did.
"Statement: NSA was not aware of the recently identified Heartbleed vulnerability until it was made public," the agency said.
Judging by other Twitter users' replies - "As if," "LOL," "Rrrrrriiiiiiiggggggghhhhhttttt," etc. - it seems some aren't satisfied by that answer.
Bleed your heart out
Heartbleed is a widespread security flaw that is said to affect as many as two thirds of all websites.
Given everything the NSA has been accused of over the last year plus, it's not surprising to learn that the agency may have used this exploit as well to gain access to internet users' private data.
Recall reports late last year that said the NSA paid millions of dollars to the security company RSA to purposely insert a backdoor in its software, leaving the NSA access to otherwise secure data.
Tsk, tsk. For now head here for a list of websites affected by Heartbleed that's being constantly updated.
from Techradar - All the latest technology news http://ift.tt/1gjVLZg
沒有留言:
張貼留言