posted on Apr, 12 2014 @ 01:52 PM
So I'm sure a lot of you are aware of Operation Heartbleed which has come to surface this week (Although I thought it would have made breaking news).
If you don't know what it is, it's a serious vulnerability in the OpenSSL Internet encryption protocol and has potentially left the information of
most Internet users vulnerable to hackers - according too Google's security adviser researcher Neel Mehta and a team of codenomicon researchers.
Quote from this source: Article on
That’s according to a team of Codenomicon researchers, as well as Google Security researcher Neel Mehta. Codenomicon is a Web security firm
whose clients include Microsoft, Verizon, and Cisco Systems. The Heartbleed bug reportedly affects as much as 66 percent of the world’s active
websites, and has existed for roughly two years.
OpenSSL is a method of encryption employed by many websites that safeguard the data you type into your Web browser. OpenSSL contains a function known
as a heartbeat option. With it, while a person is visiting a website that encrypts data using OpenSSL, his computer periodically sends and receives
messages to check whether both his PC and the server on the other end are both still connected. The Heartbleed bug means hackers can send fake
heartbeat messages, which can trick a site’s server into relaying data that’s stored in its RAM — including sensitive information such as
usernames, passwords, credit card numbers, emails, and more.
In short, our passwords, usernames, bank details, anything we've typed into a website has potentially been stored and this has been going on for two
A couple of days after this news came out there was another article, in which the NSA has known about the heartbleed bug for the 2 years and have even
exploited it to gather sensitive information which is no surprise considering their ideology and what we've heard about them in the past couple of
A short bit and the full article here:NSA
According to a report by Bloomberg, USA's National Security Agency had been aware of the Heartbleed bug long before it was made public on
Monday. It also went on to add that the agency exploited the bug on a regular basis so as to gather critical intelligence.
Bloomberg says that the agency declined to comment on the report, before going on to deny that it was aware of Heartbleed.
"Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before 2014 are wrong," according to an
e-mailed statement from the Office of the Director of National Intelligence.
It comes as no surprise that the NSA found the bug early, since it has many powerful resources at its disposal, including budgets that allow it to
spend over a billion every year on data processing and exploitation, according to TheVerge.
What has this got to do with a different view and how is this different to any thread explaining about the heartbleed bug? Well I'd like to offer my
theory on what this is.
We've been asked and prompted to change our passwords on anything we're logged into online; Social media sites, internet banking etc. That got me
thinking, what if the whole story on this operation is just a fake and the 'real' bug will be used in the future? It would be so easy for them to
make us panic about this, and in that time plant a real bug/key logger type of thing so then they have everybodys new passwords, hey presto you have
the entire internets passwords and information with almost no hassle at all.
Just my thoughts, I don't think I've worded it correctly (forgive me I've had a tiring week) so anything you're unclear about just ask. What's
your 2 cents?