NSA denies it knew about Heartbleed flaw

  • Thread starter Thread starter superdudebuddy
  • Start date Start date
  • Replies Replies: Replies 0
  • Views Views: Views 532
Joined
7 Jan 2014
Messages
857
Reaction score
321
NSA denies it knew about Heartbleed flaw


The agency disputes a report that it used Heartbleed to conduct surveillance


IDG News Service - The U.S. National Security Agency, which has a cybersecurity mission in addition to surveillance, has disputed a report that it knew about the Heartbleed security vulnerability for at least two years before other researchers disclosed the flaw this month.

The NSA used Heartbleed to gather intelligence, according to a report from Bloomberg, quoting two anonymous sources. Heartbleed is a flaw in OpenSSL that could allow attackers to monitor all information passed between a user and a Web service.

But an NSA spokeswoman called the report incorrect. "NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report," she said by email. "Reports that say otherwise are wrong."

At the same time that the NSA was accused of using Heartbleed to conduct surveillance, another agency was trumpeting its efforts to share information about the bug.

After information about the bug was published, the U.S. Department of Homeland Security's U.S.-Computer Emergency Readiness Team (US-CERT) "immediately issuedA an alertA to share actionable information with the public and suggested mitigation steps," said Larry Zelvin, director of the DHS National Cybersecurity and Communications Integration Center.


DHS also reached out to some businesses to help determine their vulnerability, Zelvin wrote in a blog post.



Read More
 
Back
Top Bottom