The discussion on the Heatbleed bug has apparently stopped here, and just about
everywhere else, but I found (courtesy of another mailing list), some more
reports on it, that you may have not seen. These reports suggest the the NSA
knew about and exploited the bug for "at least" two years, and may have even
worked to stop it from being reported and fixed.
http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html
Shorter link to the above article:
http://tinyurl.com/mq8owa2
Also,
http://www.sfgate.com/opinion/editorials/article/Encryption-security-compromised-in-a-heartbeat-5396510.php
Shorter link to the above article:
http://tinyurl.com/kmmqkfv
The NSA, or course, denies any knowledge, or exploitation of the bug, but you
can read the article and make your own decisions on that.
Chris
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
