That’s according to a team of Codenomicon researchers, as well as Google Security researcher Neel Mehta. Codenomicon is a Web security firm whose clients include Microsoft, Verizon, and Cisco Systems. The Heartbleed bug reportedly affects as much as 66 percent of the world’s active websites, and has existed for roughly two years.
OpenSSL is a method of encryption employed by many websites that safeguard the data you type into your Web browser. OpenSSL contains a function known as a heartbeat option. With it, while a person is visiting a website that encrypts data using OpenSSL, his computer periodically sends and receives messages to check whether both his PC and the server on the other end are still connected. The Heartbleed bug means hackers can send fake heartbeat messages, which can trick a site’s server into relaying data that’s stored in its RAM — including sensitive information such as usernames, passwords, credit card numbers, emails, and more.
According to a report by Bloomberg, USA's National Security Agency had been aware of the Heartbleed bug long before it was made public on Monday. It also went on to add that the agency exploited the bug on a regular basis so as to gather critical intelligence.
Bloomberg says that the agency declined to comment on the report, before going on to deny that it was aware of Heartbleed.
"Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before 2014 are wrong," according to an e-mailed statement from the Office of the Director of National Intelligence.
It comes as no surprise that the NSA found the bug early, since it has many powerful resources at its disposal, including budgets that allow it to spend over a billion every year on data processing and exploitation, according to TheVerge.
What if the whole story on this operation is just a fake and the 'real' bug will be used in the future? It would be so easy for them to make us panic about this, and in that time plant a real bug/key logger type of thing so then they have everybody's new passwords. Hey presto, you have the entire internet's passwords and information with almost no hassle at all.
More likely than not it'll come out the NSA themselves had this Heartbleed 'bug' ahem. backdoor. designed and built in since the start... there are also backdoors built in to the hardware itself. You can maybe try to hide info from hackers but not the government.
Heartbleed isn't due to an SSL flaw, it's due to an implementation flaw.
reply to post by conz1992
SSL was flawed from the beginning from back doors to zero padding.
Is this a design flaw in SSL/TLS protocol specification?
No. This is an implementation problem, i.e. a programming mistake in the popular OpenSSL library that provides cryptographic services such as SSL/TLS to the applications and services.
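Added example, not part of the thread and not OpenSSL's code: the "implementation problem" described above comes down to trusting the length field inside a heartbeat message instead of the number of bytes that actually arrived. The sketch below shows the check a receiver has to make; the message layout and the 16-byte minimum padding follow RFC 6520, while the function name, buffers and sample records are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_REQUEST  1   /* RFC 6520 heartbeat_request */
#define HB_RESPONSE 2   /* RFC 6520 heartbeat_response */
#define HB_HEADER   3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PAD  16  /* RFC 6520 minimum padding length */

/* Hypothetical helper: build the echo response for one received heartbeat.
 * rec/rec_len is the record body as actually received.
 * Returns the response length, or -1 when the message must be dropped. */
long hb_build_response(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return -1;
    /* payload_length is written by the sender: a claim, not a measurement. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* The check: header + claimed payload + padding must fit inside the
     * bytes that really arrived, otherwise discard silently. */
    if (claimed > rec_len - HB_HEADER - HB_MIN_PAD)
        return -1;
    size_t resp_len = HB_HEADER + claimed + HB_MIN_PAD;
    if (resp_len > out_cap)
        return -1;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);  /* echo the payload */
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD);   /* real stacks use random padding */
    return (long)resp_len;
}

/* Constructed sample records: one whose length field matches its 4-byte
 * payload, and one that claims far more payload than the record holds. */
int main(void)
{
    uint8_t honest[HB_HEADER + 4 + HB_MIN_PAD] = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
    uint8_t mismatched[HB_HEADER + 4 + HB_MIN_PAD] = {HB_REQUEST, 0x40, 0x00, 'p', 'i', 'n', 'g'};
    uint8_t out[64];
    long a = hb_build_response(honest, sizeof honest, out, sizeof out);
    long b = hb_build_response(mismatched, sizeof mismatched, out, sizeof out);
    return (a == 23 && b == -1) ? 0 : 1;  /* echoed vs. dropped */
}
```

A record whose claimed length exceeds what was received is dropped rather than answered, so nothing outside the received bytes is ever copied into the response.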