Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
Report: NSA Exploited Heartbleed to Siphon Passwords for Two Years
http://www.wired.com/2014/04/nsa-exploited-heartbleed-two-years/
Report: NSA Exploited Heartbleed to Siphon Passwords for Two Years
By Kim Zetter
04.11.14 | 4:57 pm |
The NSA knew about and exploited the Heartbleed vulnerability for two years before it was publicly exposed this week, and used it to steal account passwords and other data, according to a news report.
Speculation had been rampant this week that the spy agency might have known about the critical flaw in OpenSSL that would allow hackers to siphon passwords, email content and other data from the memory of vulnerable web servers and other systems using the important encryption protocol.
That speculation appears to be confirmed by two unnamed sources who told Bloomberg that the NSA discovered the flaw shortly after it was accidentally introduced into OpenSSl in 2012 by a programmer.
The flaw “became a basic part of the agency’s toolkit for stealing account passwords and other common tasks,” the publication reports. [See NSA response below]