NSA knew about the bug heartbleed and used it regularly to gather information for at least two years, they told Bloomberg sources he does not name.
If the (valid) website's post is true, the NSA could collect information such as passwords and private communications from hundreds of thousands of websites, since Heartbleed is a bug in the popular open-source OpenSSL λογισμικό κρυπτογράφησης, που χρησιμοποιείται για την ασφάλεια των δεδομένων σε εκατοντάδες χιλιάδες ιστοσελίδες, συμπεριλαμβανομένου των Gmail και Facebook.
About two hours after Bloomberg was published, NSA and the White House denied claims in statements they sent to Mashable.
"The NSA was unaware of OpenSSL vulnerability, the so-called Heartbleed, until it was leaked by a cyber company," an NSA spokesman told Mashable. "Posts that say otherwise are incorrect."
Representative of the National Security Council, Caitlin Hayden, also said that neither the NSA nor any other federal agency knew about the Heartbleed bug.
"If the federal government, including the intelligence community, had discovered the vulnerability, they would have reported it to the OpenSSL community," Hayden said in a statement.
Of course, we would expect nothing more than government statements, as if it were revealed that the NSA had left the door open to other intelligence services and across the world it would run counter to what the agency claims to be its primary mission . If you forgot the mission of the secret service to remind that it is it that protects and defends cyber security.
The Bloomberg revelation, however, seems to have shocked a lot of people, although it should come as no surprise. During the duration των τελευταίων ημερών, ορισμένοι είχαν ήδη αναρωτηθεί αν η NSA χρησιμοποιούσε το Heartbleed για να παραβιάσει την κρυπτογράφηση SSL, δεδομένου ότι τα έγγραφα που they leaked by Edward Snowden revealed that the service has been trying to violate it for years.
"I would not be surprised if the NSA discovered the vulnerability long before us," Matt Blaze, a cryptographer and professor at the University of Pennsylvania, told Wired. "It's definitely something the NSA would have found extremely useful in their arsenal."
