Nation & World News

NSA Denies It Knew About Heartbleed Bug Before It Was Made Public

By Eyder Peralta on April 11th, 2014

The National Security Agency says it did not know about a critical security bug until it became public earlier this month.

The NSA was responding to a report from Bloomberg that the agency had known about the vulnerability known as “Heartbleed” for two years and instead of alerting the tech community, it exploited the bug to “gather critical intelligence.”

Just to catch you up: The Heartbleed bug has led tech experts to call on Internet users worldwide to change the passwords they use on popular and sensitive sites, like that of their bank or email provider. As NPR’s Jeremy Bowers explained, the bug allowed an attacker to receive the encryption keys used to transmit information like your username and password. In other words, the bug allowed access to the “crown jewels.”

In a statement, the NSA said Bloomberg’s report was simply “wrong.” The U.S., the NSA said, would reveal this kind of vulnerability to developers if it ever came upon it. The statement goes on:

“The Federal government relies on OpenSSL to protect the privacy of users of government websites and other online services. This Administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable Internet. If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.

“When Federal agencies discover a new vulnerability in commercial and open source software – a so-called ‘Zero day’ vulnerability because the developers of the vulnerable software have had zero days to fix it – it is in the national interest to responsibly disclose the vulnerability rather than to hold it for an investigative or intelligence purpose.

“In response to the recommendations of the President’s Review Group on Intelligence and Communications Technologies, the White House has reviewed its policies in this area and reinvigorated an interagency process for deciding when to share vulnerabilities. This process is called the Vulnerabilities Equities Process. Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities.”

Copyright 2014 NPR. To see more, visit http://www.npr.org/.

This entry was posted in News from NPR. Bookmark the permalink.

Comments are closed.

 

More Stories in News from NPR

Yahoo's new logo.

U.S. Threatened To Fine Yahoo $250K A Day If It Didn’t Release User Data

The company says it fought the order in a secret court and lost. Today, that same court finally unsealed documents of a pivotal decision that allowed the U.S. to spy on Internet users.


Susan Rice: Islamic State Fight Will Not Be ‘Iraq War Redux’

In an interview with NPR, Rice said the U.S. will not be drawn into a ground war in Iraq and Syria, even if local forces are insufficient at containing the Sunni militants.


Richard Kiel (front) and Roger Moore at a ceremony in 2007 to honor Moore with a star on the Hollywood Walk of Fame. Kiel, who played Jaws in two Bond films opposite Moore, died Wednesday. He was 74.

Richard Kiel, Actor Who Played Jaws In Bond Films, Dies At 74

Kiel delighted moviegoers with his quiet menace and his metal teeth in the role of Jaws, the Bond villain henchman who not only survived his encounters with 007, but also lived happily ever after.


House Speaker John Boehner, R-Ohio, on Capitol Hill on Thursday. Boehner says Congress stands ready to work with the president on the threat from Islamic State militants.

Boehner: House GOP ‘Ready To Work With The President’

The House speaker said Congress “ought to give the president what he’s asking for” but also expressed skepticism, saying the White House plan to defeat Islamic State militants doesn’t go far enough.


Fijian U.N. peacekeepers released by the group Nusra Front in Syria on Thursday as they arrive in Israeli-held territory on the Golan Heights.

Fijian Peacekeepers Released By Syrian Nusra Front Rebels

The 45 U.N. troops were taken hostage last month on the Syrian-controlled side of the Golan Heights.


Thank you for your support

WUFT depends on the support of our community — people like you — to help us continue to provide quality programming to North Central Florida.
Become a Sustainer
I want to support FM 89.1/NPR
I want to support Florida's 5/PBS
Donate a Vehicle
Day Sponsorship Payments
Underwriting Payments