Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 1 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

NSA denies reports that it knew about Heartbleed for two years

by The Gurus
April 14, 2014
in Editor's News
Share on FacebookShare on Twitter

Despite claims by the US Government that it was not aware of the Heartbleed vulnerability until it was made public, a news piece has claimed that the NSA knew about Heartbleed for at least two years.
 
The NSA tweeted a statement on Friday evening, saying that it “was not aware of the recently identified Heartbleed vulnerability until it was made public”. However Bloomberg said that the NSA knew about Heartbleed and regularly used it to gather critical intelligence.
 
It said: “Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost. Millions of ordinary users were left vulnerable to attack from other nations’ intelligence arms and criminal hackers.”
 
The report said that the search for flaws is central to NSA’s mission, though a presidential board reviewing the NSA’s activities after Edward Snowden’s leaks recommended the agency halt the stockpiling of software vulnerabilities. It also said that the NSA has more than 1,000 experts devoted to ferreting out such flaws using sophisticated analysis techniques, many of them classified.
 
Shawn Turner, director of public affairs for the office, said in a statement to Bloomberg: “This administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable internet. Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities.”
 
The New York Times said that the President permitted the use of cyber weapons where there was “a clear national security or law enforcement need”.
 
In a statement, the office of the Director of National Intelligence refuted the Bloomberg story, saying that reports that the NSA or any other part of the US Government were aware of the Heartbleed vulnerability before April 2014 were wrong.
 
“The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cyber security report. The Federal government relies on OpenSSL to protect the privacy of users of Government websites and other online services. This administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable internet,” it said.
 
“If the Federal Government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.”
 
It said that that when zero-day flaws are discovered “it is in the national interest to responsibly disclose the vulnerability rather than to hold it for an investigative or intelligence purpose”.

FacebookTweetLinkedIn
Tags: NSAVulnerabilityZero-day
ShareTweetShare
Previous Post

BSides London and blogger awards announce line-ups

Next Post

Pakistan mulls cyber security bill to keep NSA at bay

Recent News

JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023
Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information