"The NSA has exploited Heartbleed bug for years"

[TopWargamer]

http://www.theverge.com/2014/4/11/5605444/the-nsa-has-exploited-heartbleed-bug-for-years-bloomberg-reports

http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html

 

Bloomberg is reporting that the Heartbleed bug, which shocked the web security community this week, has been known and actively exploited by the National Security Agency for at least two years. According to two anonymous sources familiar with the matter, the bug was kept secret in the interest of national security, while the agency used it to obtain passwords and other data. Since the bug was first committed in 2012, the report suggests the NSA discovered the bug and maintained access for nearly the entire lifespan of Heartbleed.

 

Kept secret in the name of  "national security." Ya, sure, whatever. No wonder the NSA has been able to collect all of our information so easily, they used Heartbleed against us, although they did use other methods of doing so (another example is PRISM). Well, now since Heartbleed is well known to the public, hopefully everybody can take precautions to shut it down, and hopefully shut down an avenue that the NSA used to collect information on all of us. Let's see where this leads, and hopefully it doesn't end well for the NSA, but we shall see.

[TheNinjaNextDor]

*shock*

[dragosudeki]

That bug probably wasn't a bug. Maybe intended, until we eventually found it..

[greenroost1445]

"National security" my ass... ah well at least we found it and are working on fixing it.

[Hoppa]

How do I say this..... I've lost more respect from the 0 respect I had for the NSA.

[MeFakeScientist]

That bug probably wasn't a bug. Maybe intended, until we eventually found it..

 

That. Security flaw exploited by shady government arm shocker! 

It says a lot that people aren't even shocked by this sort of news anymore. 

[Kilerbomb]

I'm not surprised at all by this.

[jezza39]

There's absolutely no proof. Everyone can take their tin foil hats off.

[StingBull]

There's absolutely no proof. Everyone can take their tin foil hats off.

 

Really, man. After all the things they have done this is where you draw the line?

 

"Yeah they sure can record an entire country's phone calls, tap into any network that hasn't been encrypted and try to decrypt every network that is encrypted but nooo they wouldn't do this."

 

Calling people tin foil hatters after this point is just the sign of massive denial. America is a dystopian country 1984 style and you just don't want to accept it.

[TacticlTwinkie]

What a supprise <_<

[Jaybird]

is this an update to the previous thread on heartbleed?

[Mooshi]

We have ourselves to blame. When we are born, at least for those in the US and not born under someone's house like a stray cat, you were marked the moment you were born. We get our social security number ect ect. That stuff we can't help, what we /can/ help is what info we publicly share. You can't blame the NSA for all the dumb you (you in a broad term) posted on the Internet. People who actively Facebook are the prime examples of this kind of behavior. You're trusting your info so carelessly. You can't hide info from the government since it's already in the system, but you can prevent what is being leaked. Try not to use such rubbish passwords, either. A simple to remember pass phrase is a lot more effective than some BS upper and lower case combo with a symbol thrown in. Those passwords are easy to crack.

 

Take the George Zimmerman case. Remember all the people who were glued to that case because they had nothing better to do than to be race baiters. Now contrast that to the number of people who claim to hate the NSA yet careless post their crap online publicly. Think of all the people that know Facebook sells you out and still continue to trust Zuck with their information for some unknown illogical reason. Keep all this in mind that a dumb race baiting case got several times more outrage from citizens vs the US government bending you over and getting away with it. Where is the outrage for that? This is why Americans aren't taken seriously. It's all let's complain about something, but continue fueling the fire.

[jezza39]

Really, man. After all the things they have done this is where you draw the line?

"Yeah they sure can record an entire country's phone calls, tap into any network that hasn't been encrypted and try to decrypt every network that is encrypted but nooo they wouldn't do this."

Calling people tin foil hatters after this point is just the sign of massive denial. America is a dystopian country 1984 style and you just don't want to accept it.

You didn't read what I said, there is NO PROOF. As soon as there is a vulnerability in anything everyone rushes to blame the NSA like headless chickens. Maybe wait to see what snowden says yeah?

Have you actually read 1984? The only country like it is North Korea. You Americans live in a democracy, use it.

[gastew15]

You didn't read what I said, there is NO PROOF. As soon as there is a vulnerability in anything everyone rushes to blame the NSA like headless chickens. Maybe wait to see what snowden says yeah?

Have you actually read 1984? The only country like it is North Korea. You Americans live in a democracy, use it.

Actually it's a Republic with democratic tendency.. (America is really more of a Corpocracy at this point though.. ) Still though fair point, and really why would the NSA want that crap anyways? I mean it's not like it'd be all that useful to them for anything..

[Imaginaerum]

You didn't read what I said, there is NO PROOF. As soon as there is a vulnerability in anything everyone rushes to blame the NSA like headless chickens. Maybe wait to see what snowden says yeah?

Have you actually read 1984? The only country like it is North Korea. You Americans live in a democracy, use it.

Psh, as if they didn't use it, and as if anyone had reason to be surprised when the NSA was found out. Governments everywhere are listening, that will never change no matter what legislation gets passed to prevent it. Did they create it? Maybe not.

 

edit: I need to make this sound less extreme. I'm fully in support of restricting and preventing the NSA, but I don't think that they'll actually stop listening. The most we can hope for is not getting arrested because we walked by a possible spot that may sell explosives that my cousin's wife's sister's nephew's niece bought. But you still can't say that they didn't use it for something.

[StingBull]

You didn't read what I said, there is NO PROOF. As soon as there is a vulnerability in anything everyone rushes to blame the NSA like headless chickens. Maybe wait to see what snowden says yeah?

Have you actually read 1984? The only country like it is North Korea. You Americans live in a democracy, use it.

 

You don't need proof. If serial killer has killed 29 people before no one cares to prove the 30th murder.

 

At least North Korea does not claim that it is the pinnacle of democracy, an exemplar for the world, but America does all that. They boast how it's the "free of a country they are" Hell, they have invaded countries to "bring democracy to them".

 

Even a cursory look at how America actually functions, anyone can realize democracy is mostly in name only.

 

 

Actually it's a Republic with democratic tendency.. (America is really more of a Corpocracy at this point though.. ) Still though fair point, and really why would the NSA want that crap anyways? I mean it's not like it'd be all that useful to them for anything..

 

 

They collect many other forms of data that really has no function for them. They are obsessed with hoarding.

[SSL]

If true, the most egregious thing is that the NSA let this bug go unreported and unfixed, potentially allowing (other) criminal organizations to exploit it.

 

Actually it's a Republic with democratic tendency.. (America is really more of a Corpocracy at this point though.. ) Still though fair point, and really why would the NSA want that crap anyways? I mean it's not like it'd be all that useful to them for anything..

 

I'd say it would be pretty useful to get any server using Open SSL to spill the current contents of memory, potentially including the encryption keys.

[gastew15]

If true, the most egregious thing is that the NSA let this bug go unreported and unfixed, potentially allowing (other) criminal organizations to exploit it.

 

 

I'd say it would be pretty useful to get any server using Open SSL to spill the current contents of memory, potentially including the encryption keys.

I meant as in the people who are worried about their information.. Even if they did and I don't support it or anything else, but I really don't think people are as important as they think they are and the government is spending their time doing anything with them.

[SSL]

I meant as in the people who are worried about their information.. Even if they did and I don't support it or anything else, but I really don't think people are as important as they think they are and the government is spending their time doing anything with them.

 

Well you go ahead and keep on thinking that, then.

[gastew15]

Well you go ahead and keep on thinking that, then.

Well more damn power to them I guess. The only thing I'd have on any of these sites that they wouldn't already have is maybe a credit card number and I don't think uncle sam is going to charge my bank account. I really just don't have anything for anyone and most people don't. I have always been curious about what exactly people have that's such classified information.

[Admire]

Im dying from suprise.

 

Listen, Privacy doesn't exist. The NSA will always, always have ways to get our information. Its just the nature of the beast.

 

If you want privacy, go completely off grid. Otherwise, you have to live with it.

[qwertywarrior]

i kinda doubt this

"years" make it seem like they have been doing it since forever

with logs u can see who was abusing it

[Jack.EXE]

the amount of respect I have for the NSA is -1337.

[amintha1992]

TL;DR

 

Of cause they have. Im not surprised no do I care.  

[Murdoch]

If true, the most egregious thing is that the NSA let this bug go unreported and unfixed, potentially allowing (other) criminal organizations to exploit it.

 

 

That's my thoughts exactly.

 

It's pretty clear they have been systematically undermining the Internet's security.