15 Apr 2014 @ 12:50 AM 

There has been some growing speculation as to whether the NSA was aware of the Heartbleed vulnerability in advance. The story was raised and reported by Bloomberg, denied in the New York Times, and then sort of questioned again by the New York Times.

But the thing that strikes me the most is a quote from former NSA Head Michael Hayden who is on record as saying:

Some vulnerabilities are such that they marginally (but importantly) weaken a system but exploitation still depended on skills, systems and technologies that few, if any, can match.  If the judgment is what is called NOBUS (nobody but us could do this), the risk management decision is pretty easy.  Of course, that judgment could change over time and still requires continuous due diligence. (Security Current)

Given the ramifications that Heartbleed could potentially have on the fundamental infrastructure of the Internet, if the NSA was involved I think there needs to be some holding of account.

Posted By: Chief Tech
Last Edit: 15 Apr 2014 @ 12:50 AM

EmailPermalink
Tags


 

Responses to this post » (None)

 
Post a Comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>