superdudebuddy
NSA denies it knew about Heartbleed flaw
The agency disputes a report that it used Heartbleed to conduct surveillance
IDG News Service - The U.S. National Security Agency, which has a cybersecurity mission in addition to surveillance, has disputed a report that it knew about the Heartbleed security vulnerability for at least two years before other researchers disclosed the flaw this month.
The NSA used Heartbleed to gather intelligence, according to a report from Bloomberg, quoting two anonymous sources. Heartbleed is a flaw in OpenSSL that could allow attackers to monitor all information passed between a user and a Web service.
But an NSA spokeswoman called the report incorrect. "NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report," she said by email. "Reports that say otherwise are wrong."
At the same time that the NSA was accused of using Heartbleed to conduct surveillance, another agency was trumpeting its efforts to share information about the bug.
After information about the bug was published, the U.S. Department of Homeland Security's U.S.-Computer Emergency Readiness Team (US-CERT) "immediately issued an alert to share actionable information with the public and suggested mitigation steps," said Larry Zelvin, director of the DHS National Cybersecurity and Communications Integration Center.
DHS also reached out to some businesses to help determine their vulnerability, Zelvin wrote in a blog post.