[[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

Valdis.Kletnieks at vt.edu
Sat Apr 12 00:49:47 UTC 2014


On Sat, 12 Apr 2014 07:56:01 +1000, Matt Palmer said:

> The interesting thing to me is that the article claims the NSA have been
> using this for "over two years", but 1.0.1 (the first vulnerable version)
> was only released on 14 Mar 2012.  That means that either:

>  * The NSA found it *amazingly* quickly (they're very good at what they do,
>    but I don't believe they have superhuman talents); or

You seriously think the NSA *isn't* watching the commits to security-relevant
open source?  Remember - it was a bonehead bug, it's *not* unreasonable for
somebody who was auditing the code to spot it.  Heck, there's a good chance that
automated tools could have spotted it.