--- mi...@mikea.ath.cx wrote:
From: Mike A
On Fri, Apr 18, 2014 at 03:47:25PM -0700, Scott Weeks wrote:
>
> :: There being no cable between the Hawaiian Islands
> :: and the mainland at the time
>
> Wait...what?
>
> https://en.wikipedia.org/wiki/Submarine_communications_cable#Submarine_cable
On Fri, Apr 18, 2014 at 03:47:25PM -0700, Scott Weeks wrote:
>
> :: There being no cable between the Hawaiian Islands
> :: and the mainland at the time
>
> Wait...what?
>
> https://en.wikipedia.org/wiki/Submarine_communications_cable#Submarine_cables_across_the_Pacific
>
> "The first trans-pac
:: There being no cable between the Hawaiian Islands
:: and the mainland at the time
Wait...what?
https://en.wikipedia.org/wiki/Submarine_communications_cable#Submarine_cables_across_the_Pacific
"The first trans-pacific cables were completed in 1902-03, linking the
US mainland to Hawaii in 19
On Mon, Apr 14, 2014 at 10:09:14PM +, Matthew Black wrote:
> IIRC, the message was sent via courier instead of cable or telephone to
> prevent interception. Did the military not even trust its own cryptographic
> methods? Or did they not think withdrawal of the Japanese ambassador was not
> ver
On Wed, Apr 16, 2014 at 9:39 PM, TGLASSEY wrote:
> BAE did this cute poster on the attack model
>
> https://image-store.slidesharecdn.com/6f0027d2-c58c-11e3-af1f-12313d0148e5-original.jpeg?goback=%2Egde_1271127_member_5862330295302262788
I'm guessing accuracy probably wasn't their primary
BAE did this cute poster on the attack model
https://image-store.slidesharecdn.com/6f0027d2-c58c-11e3-af1f-12313d0148e5-original.jpeg?goback=%2Egde_1271127_member_5862330295302262788
On 4/16/2014 7:50 PM, Barry Shein wrote:
On April 17, 2014 at 10:03 g...@gdt.id.au (Glen Turner) wrote:
> Jas
On April 16, 2014 at 15:34 jason.iann...@gmail.com (Jason Iannone) wrote:
> I can't cite chapter and verse but I seem to remember this zeroing
> problem was solved decades ago by just introducing a bit which said
> this chunk of memory or disk is new (to this process) and not zeroed
> but if t
On April 17, 2014 at 10:03 g...@gdt.id.au (Glen Turner) wrote:
> Jason Iannone wrote:
> > I can't cite chapter and verse but I seem to remember this zeroing
> > problem was solved decades ago by just introducing a bit which said
> > this chunk of memory or disk is new (to this process) and not
Jason Iannone wrote:
> I can't cite chapter and verse but I seem to remember this zeroing
> problem was solved decades ago by just introducing a bit which said
> this chunk of memory or disk is new (to this process) and not zeroed
> but if there's any attempt to actually access it then read it back
On Wed, Apr 16, 2014 at 4:12 PM, Larry Sheldon wrote:
> If the hardware (as has been suggested) or the OS does any of this, how do
> diagnostic routine in or running under the OS work?
>
The OS does it, when allocating memory to userland programs.
For memory, before memory is allocated to a new
On 4/16/2014 4:34 PM, Jason Iannone wrote:
I can't cite chapter and verse but I seem to remember this zeroing
problem was solved decades ago by just introducing a bit which said
this chunk of memory or disk is new (to this process) and not zeroed
but if there's any attempt to actually access it t
I can't cite chapter and verse but I seem to remember this zeroing
problem was solved decades ago by just introducing a bit which said
this chunk of memory or disk is new (to this process) and not zeroed
but if there's any attempt to actually access it then read it back as
if it were filled with ze
I can't cite chapter and verse but I seem to remember this zeroing
problem was solved decades ago by just introducing a bit which said
this chunk of memory or disk is new (to this process) and not zeroed
but if there's any attempt to actually access it then read it back as
if it were filled with z
On Tue, Apr 15, 2014 at 6:56 AM, Matthew Black wrote:
> Seriously? When files are deleted, their sectors are simply released to
> the free space pool without erasing their contents. Allocation of disk
> sectors without clearing them gives users/programs access to file contents
> previously stored
-
> From: Doug Barton [mailto:do...@dougbarton.us]
> Sent: Monday, April 14, 2014 7:48 PM
> To: nanog@nanog.org
> Subject: Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
>
> On 04/14/2014 05:50 PM, John Levine wrote:
>> In article <534c68f4@cox.ne
state university, long beach
-Original Message-
From: Doug Barton [mailto:do...@dougbarton.us]
Sent: Monday, April 14, 2014 7:48 PM
To: nanog@nanog.org
Subject: Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
On 04/14/2014 05:50 PM, John Levine wrote:
> I
On Mon, Apr 14, 2014 at 6:00 PM, Larry Sheldon wrote:
> Is the heartbleed bug not proof positive that it is not being done today?
>
On the contrary. Heartbleed is "proof" that memory IS cleared before being
assigned to a *process*. The data available via the vulnerability is
limited to data fro
On Mon, Apr 14, 2014 at 7:47 PM, Doug Barton wrote:
> On 04/14/2014 05:50 PM, John Levine wrote:
>
>> In article <534c68f4@cox.net> you write:
>>
>>> On 4/14/2014 9:38 AM, Matthew Black wrote:
>>>
Shouldn't a decent OS scrub RAM and disk sectors before allocating
them to processes,
On 04/14/2014 05:50 PM, John Levine wrote:
In article <534c68f4@cox.net> you write:
On 4/14/2014 9:38 AM, Matthew Black wrote:
Shouldn't a decent OS scrub RAM and disk sectors before allocating
them to processes, unless that process enters processor privileged
mode and sets a call flag? I r
On 04/14/2014 05:02 PM, Nathan Angelacos wrote:
On 04/14/2014 07:14 PM, Michael Thomas wrote:
It's much, much worse than that. I can still read code plenty fine, but
bugs can be extremely obscure, and triply so with convoluted security
code where people are actively going after you to find prob
On 4/14/2014 7:50 PM, John Levine wrote:
In article <534c68f4@cox.net> you write:
On 4/14/2014 9:38 AM, Matthew Black wrote:
Shouldn't a decent OS scrub RAM and disk sectors before allocating
them to processes, unless that process enters processor privileged
mode and sets a call flag? I rec
In article <534c68f4@cox.net> you write:
>On 4/14/2014 9:38 AM, Matthew Black wrote:
>> Shouldn't a decent OS scrub RAM and disk sectors before allocating
>> them to processes, unless that process enters processor privileged
>> mode and sets a call flag? I recall digging through disk sectors on
On 04/14/2014 07:14 PM, Michael Thomas wrote:
It's much, much worse than that. I can still read code plenty fine, but
bugs can be extremely obscure, and triply so with convoluted security
code where people are actively going after you to find problems in most
inventive ways. Openssl, etc, probab
Larry Sheldon writes:
> On 4/14/2014 9:38 AM, Matthew Black wrote:
> >Shouldn't a decent OS scrub RAM and disk sectors before allocating
> >them to processes, unless that process enters processor privileged
> >mode and sets a call flag? I recall digging through disk sectors on
> >RSTS/E to look fo
On 4/14/14 4:06 PM, Randy Bush wrote:
for those you can blame the vendor. this one is owned by the
community. it falls on us to try to lower the probability of a next
one by actively auditing source as our civic duty.
is that kind of like jury duty? if only it were more like literature,
which
On 4/14/2014 3:05 PM, William Herrin wrote:
I thought vendors existed primarily as a place to hang the blame when
dealing with a manager or customer who just doesn't get it.
Truth value very high. Humor value, less than none.
--
Requiescas in pace o email Two identifying characte
On 4/14/2014 2:59 PM, Patrick W. Gilmore wrote:
Or we can flame anyone who tries, then wonder why no one is trying.
Amen.
I was just thinking, after reading the umpteenth message here about
spam, about the times in the 1990's that I was literally driven away
because I was trying to get ahe
>> for those you can blame the vendor. this one is owned by the
>> community. it falls on us to try to lower the probability of a next
>> one by actively auditing source as our civic duty.
> is that kind of like jury duty? if only it were more like literature,
> which we could read for enjoyment
On 4/14/2014 9:38 AM, Matthew Black wrote:
Shouldn't a decent OS scrub RAM and disk sectors before allocating
them to processes, unless that process enters processor privileged
mode and sets a call flag? I recall digging through disk sectors on
RSTS/E to look for passwords and other interesting s
From: Donald Eastlake [mailto:d3e...@gmail.com]
Sent: Monday, April 14, 2014 8:28 AM
To: Matthew Black
Cc: William Herrin; nanog@nanog.org
Subject: Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
Matthew,
On Mon, Apr 14, 2014 at 10:48 AM, Matthew Black
mailto:matthew.bl
On Mon, Apr 14, 2014 at 12:59 PM, Patrick W. Gilmore
wrote:
I applaud Akamai for trying, for being courageous enough to post code, and
> for bucking the trend so many other companies are following by being more
> secretive every year.
>
Just to be clear, so do I! As I said, the end result was n
On Mon, Apr 14, 2014 at 03:59:21PM -0400, Patrick W. Gilmore wrote:
> On Apr 14, 2014, at 15:47 , Scott Howard wrote:
> > On Sun, Apr 13, 2014 at 9:52 AM, Niels Bakker
> > wrote:
>
> >> At least one vendor, Akamai is helping out now:
> >> http://marc.info/?l=openssl-users&m=139723710923076&w=2
On 04/14/2014 12:59 PM, Patrick W. Gilmore wrote:
On Apr 14, 2014, at 15:47 , Scott Howard wrote:
On Sun, Apr 13, 2014 at 9:52 AM, Niels Bakker wrote:
At least one vendor, Akamai is helping out now:
http://marc.info/?l=openssl-users&m=139723710923076&w=2
I hope other vendors will follow sui
On Mon, Apr 14, 2014 at 3:59 PM, Patrick W. Gilmore wrote:
> I applaud Akamai for trying, for being courageous enough to post
> code, and for bucking the trend so many other companies are
> following by being more secretive every year.
>
> Or we can flame anyone who tries, then wonder why no one i
On Apr 14, 2014, at 15:47 , Scott Howard wrote:
> On Sun, Apr 13, 2014 at 9:52 AM, Niels Bakker wrote:
>> At least one vendor, Akamai is helping out now:
>> http://marc.info/?l=openssl-users&m=139723710923076&w=2
>> I hope other vendors will follow suit.
>
>
> Although it appears they may now
On Sun, Apr 13, 2014 at 9:52 AM, Niels Bakker wrote:
> At least one vendor, Akamai is helping out now:
> http://marc.info/?l=openssl-users&m=139723710923076&w=2
> I hope other vendors will follow suit.
Although it appears they may now be regretting doing so...
http://www.techworld.com.au/articl
On Mon, Apr 14, 2014 at 9:27 AM, TGLASSEY wrote:
> Valdis is 100% on the money here. Let's take this a step farther and ask is
> there a criminal liability for the person who checked that code in - Oh you
> bet there is...
>
> Todd
Thank you--I needed some humour in my
morning, I was starting to
Valdis is 100% on the money here. Let's take this a step farther and ask
is there a criminal liability for the person who checked that code in -
Oh you bet there is...
Todd
On 4/11/2014 5:49 PM, valdis.kletni...@vt.edu wrote:
On Sat, 12 Apr 2014 07:56:01 +1000, Matt Palmer said:
The interest
g.org
Subject: Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
It's quite plausible that they watch the changes in open-source
projects to find bugs. They could do nice diffs and everything.
the point of open source is that the community is supposed to be doing this.
On Apr 13, 2014, at 7:52 AM, Randy Bush wrote:
>>> the point of open source is that the community is supposed to be doing
>>> this. we failed.
>> Versus all of the closed source bugs that nobody can know of or do
>> anything about?
>
> for those you can blame the vendor. this one is owned by
.@gmail.com
matthew black
> california state university, long beach
>
>
> -Original Message-
> From: William Herrin [mailto:b...@herrin.us]
> Sent: Friday, April 11, 2014 2:06 PM
> To: nanog@nanog.org
> Subject: Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug
nden: Sunday, April 13, 2014 6:53 PM
To: nanog@nanog.org
Subject: Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
* ra...@psg.com (Randy Bush) [Sun 13 Apr 2014, 16:52 CEST]:
>>>the point of open source is that the community is supposed to be
>>>doing this. we f
al Message-
From: William Herrin [mailto:b...@herrin.us]
Sent: Friday, April 11, 2014 2:06 PM
To: nanog@nanog.org
Subject: Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
On Fri, Apr 11, 2014 at 4:10 PM, Niels Bakker wrote:
> Please go read up on some recent and less r
On 2014-04-14 10:38, Matthew Black wrote:
> Shouldn't a decent OS scrub RAM and disk sectors before allocating them to
> processes, unless that process enters processor privileged mode and sets a
> call flag? I recall digging through disk sectors on RSTS/E to look for
> passwords and other in
black
california state university, long beach
-Original Message-
From: Randy Bush [mailto:ra...@psg.com]
Sent: Sunday, April 13, 2014 7:31 AM
To: Bengt Larsson
Cc: nanog@nanog.org
Subject: Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
> It's quite plausible th
>And we all know how well civic duty works as a motivator. If we really
>want to do something
>constructive, convince the corpro-takers to open their wallets to fund
>those auditing functions.
For once, I agree with Mike. (Twice in one year?)
Considering how widely openssl is used, and how imp
LTE Device
Original message
From: Niels Bakker
Date: 04/13/2014 10:55 AM (GMT-07:00)
To: nanog@nanog.org
Subject: Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
* ra...@psg.com (Randy Bush) [Sun 13 Apr 2014, 16:52 CEST]:
>>>the point of open
* ra...@psg.com (Randy Bush) [Sun 13 Apr 2014, 16:52 CEST]:
the point of open source is that the community is supposed to be
doing this. we failed.
Versus all of the closed source bugs that nobody can know of or do
anything about?
for those you can blame the vendor.
BSAFE is almost worse if
On 04/13/2014 07:52 AM, Randy Bush wrote:
the point of open source is that the community is supposed to be doing
this. we failed.
Versus all of the closed source bugs that nobody can know of or do
anything about?
for those you can blame the vendor.
Or not.
this one is owned by the communit
>> the point of open source is that the community is supposed to be doing
>> this. we failed.
> Versus all of the closed source bugs that nobody can know of or do
> anything about?
for those you can blame the vendor. this one is owned by the community.
it falls on us to try to lower the probabi
On 04/13/2014 07:30 AM, Randy Bush wrote:
It's quite plausible that they watch the changes in open-source
projects to find bugs. They could do nice diffs and everything.
the point of open source is that the community is supposed to be doing
this. we failed.
Versus all of the closed source b
> It's quite plausible that they watch the changes in open-source
> projects to find bugs. They could do nice diffs and everything.
the point of open source is that the community is supposed to be doing
this. we failed.
randy
Matt Palmer wrote:
> * The NSA found it *amazingly* quickly (they're very good at what they do,
> but I don't believe they have superhuman talents); or
It's quite plausible that they watch the changes in open-source projects
to find bugs. They could do nice diffs and everything.
2014 7:50 PM
To: Matt Palmer
Cc: nanog@nanog.org
Subject: Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for
Years]
On Sat, 12 Apr 2014 07:56:01 +1000, Matt Palmer said:
Heck, there's a good chance that automated tools could have spotted it.
Cc: nanog@nanog.org
Subject: Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for
Years]
On Sat, 12 Apr 2014 07:56:01 +1000, Matt Palmer said:
Heck, there's a good chance that automated tools could have spotted it.
On Fri, Apr 11, 2014 at 6:27 PM, Peter Kristolaitis wrote:
> I would imagine that federal contractors have to adhere to FIPS 140-2
> standards (or some similar requirement) for sensitive environments, and none
> of the affected OpenSSL versions were certified to any FIPS standard... the
> last ver
On Sat, 12 Apr 2014 07:56:01 +1000, Matt Palmer said:
> The interesting thing to me is that the article claims the NSA have been
> using this for "over two years", but 1.0.1 (the first vulnerable version)
> was only released on 14 Mar 2012. That means that either:
> * The NSA found it *amazingl
--- mpal...@hezmatt.org wrote:
From: Matt Palmer
The interesting thing to me is that the article claims the NSA have been
using this for "over two years", but 1.0.1 (the first vulnerable version)
was only released on 14 Mar 2012. That means that either:
* The NSA put it in there (still a bri
And their Level 3 to 4 accomplished what exactly?? They were owned the
same way they own others, from the inside.
On 4/11/14, 4:27 PM, "Peter Kristolaitis" wrote:
>
>On 4/11/2014 4:03 PM, William Herrin wrote:
The U.S. National Security Agency knew for at least two years about a
flaw
>>>
On Fri, Apr 11, 2014 at 5:56 PM, Matt Palmer wrote:
> You're assuming that the NSA is a single monolithic entity. IIRC, the
> offense team and the defense team don't really talk much, and they
> *certainly* have very different motivations. It wouldn't surprise me at all
> if the offense got hold
On 4/11/2014 4:03 PM, William Herrin wrote:
The U.S. National Security Agency knew for at least two years about a flaw
in the way that many websites send sensitive information, now dubbed the
Heartbleed bug, and regularly used it to gather critical intelligence,
two people familiar with the matt
On Fri, Apr 11, 2014 at 04:03:36PM -0400, William Herrin wrote:
> >> The U.S. National Security Agency knew for at least two years about a flaw
> >> in the way that many websites send sensitive information, now dubbed the
> >> Heartbleed bug, and regularly used it to gather critical intelligence,
>
On Fri, Apr 11, 2014 at 4:10 PM, Niels Bakker wrote:
> Please go read up on some recent and less recent history before making
> judgments on what would be unusually gutsy for that group of people.
>
> I'm not saying this has been happening but you will have to come up with a
> better defense than
On Fri, Apr 11, 2014 at 04:03:36PM -0400, William Herrin wrote:
> If you told me they used it against the targets of the day while
> putting out the word to patch I could buy it, but intentionally
> leaving a certain bodily extension hanging in the breeze in the hopes
> of gaining more valuable dat
Once upon a time, Niels Bakker said:
> but here's the same news from a much more credible source:
Actually, that's the same news _from the same source_ as originally
posted.
That article also has other wonderful bits like:
The Heartbleed flaw, introduced in early 2012 in a minor adjustment
* Niels Bakker (niels=na...@bakker.net) wrote:
> but here's the same news from a much more credible source:
>
>
> http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html
>
> Still anonymously sourced but at least via people whose ability to
> vet s
I wrote:
I'm not saying this has been happening ...
but here's the same news from a much more credible source:
http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html
Still anonymously sourced but at least via people whose ability to vet
sour
* b...@herrin.us (William Herrin) [Fri 11 Apr 2014, 22:04 CEST]:
I call B.S. Do you have any idea how many thousands of impacted NSA
servers run by contractors hung out on the Internet with sensitive NSA
data? If you told me they used it against the targets of the day while
putting out the word t
>> The U.S. National Security Agency knew for at least two years about a flaw
>> in the way that many websites send sensitive information, now dubbed the
>> Heartbleed bug, and regularly used it to gather critical intelligence,
>> two people familiar with the matter said.
>>
>> The NSA's decision t
ileged
access to networks/servers/services/etc.
---rsk
- Forwarded message from Richard Forno -
> Date: Fri, 11 Apr 2014 15:05:03 -0400
> From: Richard Forno
> To: Infowarrior List
> Subject: [Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years
>
> NSA