The discussion on the Heatbleed bug has apparently stopped here, and just about everywhere else, but I found (courtesy of another mailing list), some more reports on it, that you may have not seen. These reports suggest the the NSA knew about and exploited the bug for "at least" two years, and may have even worked to stop it from being reported and fixed.

http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html

Shorter link to the above article:
http://tinyurl.com/mq8owa2

Also,
http://www.sfgate.com/opinion/editorials/article/Encryption-security-compromised-in-a-heartbeat-5396510.php

Shorter link to the above article:
http://tinyurl.com/kmmqkfv

The NSA, or course, denies any knowledge, or exploitation of the bug, but you can read the article and make your own decisions on that.

Chris

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to