NSA spies using Heartbleed bug as an Internet peephole?


This video is called What Is the Heartbleed Encryption Bug?

From WIRED:

Has the NSA Been Using the Heartbleed Bug as an Internet Peephole?

By Kim Zetter

04.10.14

6:30 am

When ex-government contractor Edward Snowden exposed the NSA’s widespread efforts to eavesdrop on the internet, encryption was the one thing that gave us comfort. Even Snowden touted encryption as a saving grace in the face of the spy agency’s snooping. “Encryption works,” the whistleblower said last June. “Properly implemented strong crypto systems are one of the few things that you can rely on.”

But Snowden also warned that crypto systems aren’t always properly implemented. “Unfortunately,” he said, “endpoint security is so terrifically weak that NSA can frequently find ways around it.”

This week, that caveat hit home — in a big way — when researchers revealed Heartbleed, a two-year-old security hole involving the OpenSSL software many websites use to encrypt traffic. The vulnerability doesn’t lie in the encryption itself, but in how the encrypted connection between a website and your computer is handled. On a scale of one to ten, cryptographer Bruce Schneier ranks the flaw an eleven.

Though security vulnerabilities come and go, this one is deemed catastrophic because it’s at the core of SSL, the encryption protocol so many have trusted to protect their data. “It really is the worst and most widespread vulnerability in SSL that has come out,” says Matt Blaze, cryptographer and computer security professor at the University of Pennsylvania. But the bug is also unusually worrisome because it could possibly be used by hackers to steal your usernames and passwords — for sensitive services like banking, ecommerce, and web-based email — and by spy agencies to steal the private keys that vulnerable web sites use to encrypt your traffic to them.

Bloomberg news agency: The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said: here.

On Friday, Bloomberg News published a report citing two sources “familiar with the matter” revealing that the National Security Agency (NSA) was aware of the existence of the Heartbleed Internet security bug for two years and routinely exploited the bug to spy on private communications, rather than revealing and patching it: here.

Snowden says NSA spying on civil rights organizations: here.

N.S.A. Breached Chinese Servers Seen as Security Threat: here.

Major U.S. technology companies have largely ended the practice of quietly complying with investigators’ demands for e-mail records and other online data, saying that users have a right to know in advance when their information is targeted for government seizure: here.

U.S. and Germany Fail to Reach a Deal on Spying: here.
