
NSA Exploited Heartbleed For Years

TechCrunch 12/04/2014 Alex Wilhelm

This afternoon it was reported that the National Security Agency (NSA) knew about the now infamous Heartbleed flaw in OpenSSL, and that it used the weakness to collect intelligence.

It is not clear if the NSA used Heartbleed to collect information regarding citizens in the United States, so this issue may not concern privacy like so many other revelations regarding the agency have. Instead, the problem is the idea that the NSA was reportedly aware of the issue and chose to exploit the flaw rather than help the larger technology community quickly fix it.

In short: The NSA is said to have decided that the exploit was better used as an offensive tool than to effect a defensive posture for the rest of tech; its decision meant that, in its view, its own intelligence efforts were essentially more important than the security of your information.

In the few days since the Heartbleed weakness was exposed, companies and services large and small have rushed to patch their systems, change their cryptographic protections, and alert their users to change their passwords. This situation could have been ameliorated, if not avoided altogether.

The NSA’s reputation inside of the technology world has been long-suffering, especially in the wake of efforts to by inserting back doors, and its efforts to between data centers of large, popular technology firms. This will not help.

Making the NSA’s actions somewhat grokkable to the average person has been difficult — some don’t get, or care, about their digital privacy — but an effort to not fix a known flaw for its own gain that could see every member of your family put at risk? That’s easier to get.
