And now, some bad (but unsurprising) Heartbleed news, reported by Michael Riley for Bloomberg:
The U.S. National Security Agency knew for at least two years
about a flaw in the way that many websites send sensitive
information, now dubbed the Heartbleed bug, and regularly used it
to gather critical intelligence, two people familiar with the
The NSA’s decision to keep the bug secret in pursuit of national
security interests threatens to renew the rancorous debate over
the role of the government’s top computer experts.
For what it’s worth, the NSA Public Affairs Office tweeted a denial:
Statement: NSA was not aware of the recently identified Heartbleed
vulnerability until it was made public.
Update: Full statement from the NSA here. Doesn’t seem to leave any wiggle room.
★ Friday, 11 April 2014