On 2014-04-11 at 21:19 +0100, Hazel wrote: > http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html > > "The U.S. National Security Agency knew for at least two years about a flaw > in the way that many websites send sensitive information, now dubbed the > Heartbleed bug, and regularly used it to gather critical intelligence, two > people familiar with the matter said."
I'll address this, but below I'll return to something more constructive for helping people now. Who may or may not have known of the vulnerability has longer term consequences, including how some of us might vote on certain matters, but doesn't really change the situation now. I will note that the problem was inserted by a German and the BND are more than capable of running their own operations without needing help from American agencies, so _if_ I were to have alcohol near to hand, for cynical speculation, that's where I'd start. It's not a verified account, but: https://twitter.com/nsa_pao/status/454720059156754434 Statement: NSA was not aware of the recently identified Heartbleed vulnerability until it was made public. https://twitter.com/nsa_pao/ Official page of the NSA Public Affairs Office. The National Security Agency/Central Security Service is home to America's codemakers and codebreakers. Separately, a friend and I put together a page with explanations, advice on related topics, and a list of vendor statements, and we take pull requests to improve the list. :) https://cardiac-surgery.github.io/ That may help as something to point people to? -Phil _______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
