NSA May Have Used Heartbleed

    Fort Meade, UNITED STATES:  (FILES): Thyis 25 January 2006 file photo shows the logo of the National Security Agency (NSA) at the Threat Operations Center inside the NSA in the Washington suburb of Fort Meade, Maryland, where US President George W. Bush delivered a speech behind closed doors and met with employees in advance of Senate hearings on the much-criticized domestic surveillance. The US National Security Agency has assembled the world's largest database of telephone records tracking the phone calls of tens of millions of AT and T, Verizon and BellSouth customers, sources familiar with the program told USA Today.  In an article published 11 May 2006, the daily said the NSA launched the secret program in 2001, shortly after the 11 September 2001 attacks, to analyze calling patterns in a bid to detect terrorist activity.  AFP PHOTO/FILES/Paul J. Richards  (Photo credit should read PAUL J. RICHARDS/AFP/Getty Images)


    As if everyone didn’t already have enough reasons to hate the National Security Agency, it has now come to light that the NSA may have known about the so-called Heartbleed bug that’s spread panic across the Internet this week, and taken advantage of it to gather information. The NSA chose not to inform the public of the bug—a glitch in the way many websites protect sensitive information—and instead used it to collect passwords and other personal data while leaving average Internet users susceptible to hackers. The White House denied this claim Friday afternoon, however. "The Federal government was not aware of the recently identified vulnerability in [the encryption software] OpenSSL until it was made public in a private sector cybersecurity report," a White House spokeswoman said.

    Read it at Bloomberg