This afternoon Bloomberg reported that the National Security Agency (NSA) knew about the now infamous Heartbleed flaw in OpenSSL, and that it used the weakness to collect intelligence.
It is not clear if the NSA used Heartbleed to collect information regarding citizens in the United States, so this issue may not concern privacy like so many other revelations regarding the agency have. Instead, the idea is that the NSA was reportedly aware of the issue, and chose to exploit the exploit rather than helping the larger technology community quickly.
In short, The NSA essentially decided that its own intelligence efforts were more important than the security of your information.
In the ensuing few days since the Heartbleed weakness has been exposed, companies and services large and small have rushed to patch their systems, change their cryptographic protections, and alert their users to change their passwords. This situation could have been ameliorated, if not avoided altogether.
Making the average person understand the extent of the NSA’s actions has been difficult — some don’t get, or simply don’t care, about their digital privacy — but to deliberately ignore a known flaw that could put every member of your family at risk? That’s easier to grasp.
Show Comments