Heart Bleed Bug

The NSA Used The Heart Bleed Bug To Hack In To Foreign Computers
NSA: Making Us All Less Safe

Top computer and internet experts say that NSA spying breaks the functionality of our computers and of the Internet. It reduces functionality and reduces security by – for example – creating backdoors that malicious hackers can get through.

Remember, American and British spy agencies have intentionally weakened security for many decades. And it’s getting worse and worse. For example, they plan to use automated programs to infect millions of computers.

NSA also encourages large internet companies to delay patching vulnerabilities, to allow the NSA time to exploit them. See this and this. In other words, the NSA encourages companies to allow vulnerabilities to remain unfixed.

You’ve heard of the scary new “Heartbleed” computer vulnerability?

The NSA has exploited it – and kept it hidden from consumers and security experts – for years. Bloomberg reports:

The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.

Heartbleed appears to be one of the biggest glitches in the Internet’s history, a flaw in the basic security of as many as two-thirds of the world’s websites.

Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost. Millions of ordinary users were left vulnerable to attack from other nations’ intelligence arms and criminal hackers.

“It flies in the face of the agency’s comments that defense comes first,” said Jason Healey, director of the cyber statecraft initiative at the Atlantic Council and a former Air Force cyber officer. “They are going to be completely shredded by the computer security community for this.”

Yes, they will.

United States Federal Government Denies It Knew About Heart Bleed Bug
And with this official denial we can be certain that Bloomberg's disgruntled NSA sources were right.

Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong. The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report. The Federal government relies on OpenSSL to protect the privacy of users of government websites and other online services. This Administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable Internet. If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.

When Federal agencies discover a new vulnerability in commercial and open source software – a so-called “Zero day” vulnerability because the developers of the vulnerable software have had zero days to fix it – it is in the national interest to responsibly disclose the vulnerability rather than to hold it for an investigative or intelligence purpose.

In response to the recommendations of the President’s Review Group on Intelligence and Communications Technologies, the White House has reviewed its policies in this area and reinvigorated an interagency process for deciding when to share vulnerabilities. This process is called the Vulnerabilities Equities Process. Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities.

Now if only the NSA can also release a fabricated YouTube clip proving it never knew abused any compromised network anywhere, then all will be promptly forgiven and forgotten.

CIA Invented Heart Bleed Bug
The CIA made the heart bleed bug to attack computers of countries with oil, or resisting the united states' control for world domination. The Purpose of the heart bleed bug is to hack in to email services and websites (Not Protected), an Computers it will effect as well.