Bloomberg.com:

The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.

The agency’s reported decision to keep the bug secret in pursuit of national security interests

threatens to renew the rancorous debate over the role of the government’s top computer experts.

The NSA has now said it knew nothing about the Heartbleed bug in a brief statement on Twitter.

Statement:  NSA was not aware of the recently identified Heartbleed vulnerability until it was made public.
— NSA/CSS (@NSA_PAO) April 11, 2014

...by April 7th a patch had been written and committed for 1.0.1e, heartbleed.com had been registered for 3 days, there had been considerable correspondence between the Finnish company and the authors.  Google had allegedly already patched it servers.

And the NSA had not known this?

Which leads to the conclusion they are incredibly incompetent or barefaced liars.  Your choice.

And if they lied about 2 days or 2 weeks how can one believe it wasn’t two years?

Posted by: Old Grouch in In Passing at 16:35:22 GMT | No Comments | Add Comment
Post contains 222 words, total size 4 kb.