The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence…

Heartbleed appears to be one of the biggest glitches in the Internet’s history, a flaw in the basic security of as many as two-thirds of the world’s websites. Its discovery and the creation of a fix by researchers five days ago prompted consumers to change their passwords, the Canadian government to suspend electronic tax filing and computer companies including Cisco Systems Inc. to Juniper Networks Inc. to provide patches for their systems.

Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost. Millions of ordinary users were left vulnerable to attack from other nations’ intelligence arms and criminal hackers.

Long, detailed article at Bloomberg. And lots of other pissed-off geeks around the World Wide Web.



  1. tg says:

    to defend your freedom we must destroy it

    • dusanmal says:

      Orwell in practice. As he noticed decades ago (be it by copying work of Russian author who actually lived in “variation on the theme”, USSR) – powerful Government inevitably leads to it using that power for itself and against the subjects. The only way out is to limit, dis-empower and shrink Government. Nothing else.
      (If interested who Orwell copied, by his own later admission: Evgeniy (sometimes spelled Yevgeny or variation of these examples) Zamyatin, book titled “We”, pre-dating “1984” by couple of decades with essentially the same story/plot-line ).

  2. Captain Obvious says:

    Why is nobody asking the right question. Isn’t it the NSA’s job to discover and fix security holes like this? That is why the American’s are paying for cryptographers and the NSA, right?

    • dusanmal says:

      That is not the right question. Right question is why we have Government agency legally capable of doing what they did? The whole structure from bottom analyst who applied (or discovered) this vulnerability, through his boss and his boss,… to the very head of NSA AND his boss should in decent society respecting individual liberties as described in our Constitution be jailed.

      • jpfitz says:

        “through his boss and his boss,… to the very head of NSA AND his boss should in decent society respecting individual liberties”

        Ha, respecting our liberties, not in their interests. Unfortunately we live in a society of our making, or what the populace puts up with. The media has controlled and diverted our attention toward insignificant stories or flat out lied with propaganda, including 1600 Pennsylvania Avenue. The citizens have become numb since that fateful tuesday.

        • Jimmy Higgins says:

          The executive order authorizing the whole range of crap rationales changing our intelligence services into something wholly apart from the Constitution is #12333.

          Signed in 1981 by Ronald Reagan in the first year of his first term. He is a saint to the NSA.

  3. noname says:

    I Am So Heartbroken

    NSA said it loved U.S.
    But this isn’t love
    You feel stuck
    How can you get out
    Trying to leave
    You find your still in love
    Hiding the bruises
    Avoiding the questions
    Until one day when
    It was too much
    No apoligy can take
    Back what has been done
    It’s all over… I still love, what am i supposed to

  4. Dave Phillips says:

    Those lying ass dingleberrys who are supposed to be protecting us need to be fired and prosecuted for dereliction of duty. They have put the whole internet system in peril.

    • McGrubber says:

      You really need to get your facts straight. They (the NSA) didn’t put anyone in peril. Rather, they (the NSA) let OTHERS put us all all in peril.

      That’s a pretty big distinction between actively shooting at someone and simply standing by while watching it happen over and over again — when you’re a COP! So if you want to hang anyone at least make sure you hang them for the right reasons. We need to hang the bastards in the NSA who knew about this security bug for DERELICTION OF DUTY!

  5. McGrubber says:

    What’s even more surprising is why this is so surprising to anyone.

    DUH!

    The NSA knew about it and said/did NOTHING! That’s a classic example of what your tax dollars do — YOUR TAX DOLLARS!!!

    Now, if you want to talk about a REAL crime, one that is being committed right in from of everyone’s face, let’s talk about the Comcast Time/Warner merger. Because if you’re not hanging onto your wallet now, it may be too late!!!

    But since this is all about the NSA… What part of “(N)OT (S)MART (A)gency” didn’t you understand? I keep waiting for Maxwell Smart, the Chief and 99 to come out and tell us that the TV show was really a biographical chronicle.

  6. Pretty normal for them to utilize an exploit until it affects them. After that, they need to turn on the media machine to let the world know how terrible it is. I heard about 6 billion in state department funds was found to be ‘lost’. Here’s something to blame instead of the at-time-of-occurrence secretary of state.

  7. MikeN says:

    NSA probably are the developers. The name is a take on Bleeding Heart.

    • Nut Job says:

      Not exactly. I don’t think the NSA developed anything as far as this bug goes. Although, you may still be right about it.

      What more likely happened is that some corporate creep took the open source code (in this case, OpenSSL) put it into one of their commercial products like some server software somewhere and never really tested it or even looked at it. And doesn’t that sound like corporate America to you when it’s perfectly legal to take someone else’s work, not pay them and then make a profit off that work?!

      Let me also be perfectly clear here too — no laws were broken if that’s how it went down. Which is why I say there should at least be more stringent rules on anyone publishing for profit software that had ANYTHING to do with open source code. (I also want to know how many chicken lips went into my hot dog too!)

      … Meanwhile, the NSA probably was in on it from day one as you said but didn’t bother to tell anyone that there was a huge gaping hole — in the security! They probably looked at it more of as a honey pot to catch bad guys with and arrogantly though they could stand in front of that hole while never taking any action to actually seal it. And if you ask me, acting like that would be a bit like being an armed cop on one of the 9-11 hijacked planes — with the ability to stop it — but decided instead to join the mile high club.

      Remember! “All evil needs in order for it to prevail is for good men to do nothing.

  8. Glenn E. says:

    This confirms my long standing suspicion. That even if the NSA had nothing to do with creating and installing such security “bugs”, in PC and server software. But whenever they learn it does exist. Rather than come to the nation’s defense, by exposing it. The NSA prefers to keep it to themselves, as potential spying tools. For an indefinite time. No matter how bad the effects become on financial and commercial interests. When have the NSA *EVER* made know any flaws in cyberspace or telecommunication technologies? I haven’t heard a peep, attributed to them.

    It’s like someone seeing a building catch fire. And not calling the fire department. Because they’re too busy figuring out how to exploit the tragedy, politically or financially. And of course, they’ll never be held libel for keeping their mouth shut. That law only applies to slaves. See something, you better say something. Unless you’re an insider elite. Then you’re allowed to call your stock broker first. The NSA ought to be investigated by the SEC!

  9. Tim says:

    ~It’s like someone seeing a building catch fire.

    ”Hey, man; That building just caught on fire. Yes ma’am… and then this NSA dude just shot me…”

    ”…That was not a real NSA dude, like me, pretending to protect the national securities. I’d Snowden out and sing in an investigation with the SEC!

    ”Hello? SEC?!! Listen…There’s like this 47 story building on fire and…… Uhmmm, never mind.

    “”Other major tenants included ITT Hartford Insurance Group (122,590 sq ft/11,400 m²), American Express Bank International (106,117 sq ft/9,900 m²), Standard Chartered Bank (111,398 sq ft/10,350 m²), and the Securities and Exchange Commission

    http://en.wikipedia.org/wiki/7_World_Trade_Center#Tenants

    Promis. Palantir. Tyler Perry, Inslaw, Flappy {x}, … Will it never stop?
    shit. too soon??

  10. ECA says:

    A democratic society can not survive on secrets.

    If the PEOPLE are responsible for anything in this country, it can not be for its secrets.

    http://consciouslifenews.com/verified-warnings-presidents-about-invisible-government-running-allegiance-people/1136001/

  11. Uncle Patso says:

    The article just sort of glosses over the source(s) for this story — just who are these “two people familiar with the matter”? Are they leakers like Snowden or Manning? That’s usually one of the more important details given in a big story like this. But here we don’t even get the usual “preferred to remain anonymous because they’re not authorized to speak publicly on the matter.”

    Who says?