I'm not forwarding this to get into politics. I'm forwarding it because of the impact on operational security. Given the recent "I hunt sysadmins" leak, I think it's not unreasonable to suggest that everyone on this list has probably been targeted because of their privileged access to networks/servers/services/etc.
---rsk ----- Forwarded message from Richard Forno <rfo...@infowarrior.org> ----- > Date: Fri, 11 Apr 2014 15:05:03 -0400 > From: Richard Forno <rfo...@infowarrior.org> > To: Infowarrior List <infowarr...@attrition.org> > Subject: [Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years > > NSA Said to Have Used Heartbleed Bug, Exposing Consumers > > By Michael Riley Apr 11, 2014 2:58 PM ET > > http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html > > The U.S. National Security Agency knew for at least two years about a flaw > in the way that many websites send sensitive information, now dubbed the > Heartbleed bug, and regularly used it to gather critical intelligence, > two people familiar with the matter said. > > The NSA's decision to keep the bug secret in pursuit of national security > interests threatens to renew the rancorous debate over the role of the > government's top computer experts. > > Heartbleed appears to be one of the biggest glitches in the Internet's > history, a flaw in the basic security of as many as two-thirds of the > world's websites. Its discovery and the creation of a fix by researchers > five days ago prompted consumers to change their passwords, the Canadian > government to suspend electronic tax filing and computer companies > including Cisco Systems Inc. to Juniper Networks Inc. to provide patches > for their systems. > > Putting the Heartbleed bug in its arsenal, the NSA was able to obtain > passwords and other basic data that are the building blocks of the > sophisticated hacking operations at the core of its mission, but at a > cost. Millions of ordinary users were left vulnerable to attack from > other nations' intelligence arms and criminal hackers. > > Controversial Practice > > "It flies in the face of the agency's comments that defense comes first," > said Jason Healey, director of the cyber statecraft initiative at the > Atlantic Council and a former Air Force cyber officer. "They are going > to be completely shredded by the computer security community for this." [snip]
