Bloomberg: NSA Said to Exploit Heartbleed Bug for Intelligence for Years

And now, some bad (but unsurprising) Heartbleed news, reported by Michael Riley for Bloomberg:

The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.

The NSA’s decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts.

For what it’s worth, the NSA Public Affairs Office tweeted a denial:

Statement: NSA was not aware of the recently identified Heartbleed vulnerability until it was made public.

Update: Full statement from the NSA here. Doesn’t seem to leave any wiggle room.

Friday, 11 April 2014