AAPL Stock: 118.03 ( -0.85 )

Printed from

NSA denies using Heartbleed security flaw in intelligence gathering

updated 10:43 am EDT, Sat April 12, 2014

Agency claims it didn't know of flaw until public disclosure

As reports of the severity of the Heartbleed OpenSSL bug has spread, so have the rumors. A report from Bloomberg has claimed that the US National Security Agency exploited the flaw for years. In its own defense, the NSA issued an unusually specific statement saying that not only did it not use the exploit, but it didn't even know about it until news of it went public a few days ago.

According to the report, two sources close to the matter claimed that the NSA found out about the bug in 2012 when the code changes were first committed, and had been using it in secret since then, keeping it under wraps as a matter of national security.

Heartbleed appears in the widely-available OpenSSL version 1.0.1, as well as the beta of 1.0.2, with the former version being used in a large proportion of servers. The affects of the bug are varied and wide-ranging, with ZDNet reporting it as allowing attackers to potentially reveal credit card details in a transaction over HTTPS, normally considered secure.

The severity of the issue potentially allows for the SSL keys to be used to enter a server without leaving any sign of an intrusion. The Heartbleed site dedicated to the bug, created by Codenomicon Defensics, describes Heartbleed as allowing attackers to potentially "eavesdrop on communications, steal data directly from the services and users, and to impersonate services and users."

Apple was unaffected by the bug. Yahoo, Gmail, and Amazon Web Services were all affected by it, which could have been the basis of the initial email surveillance reports leaked by Edward Snowden in 2013. The Bloomberg report suggests that the NSA has a database of exploits similar to Heartbleed hundreds of items long.

The governing body of the NSA, the National Security Council issued an oddly adamant denial regarding it. In its statement, the council claims that "reports that NSA, or any other part of the government, were aware of the so-called Heartbleed vulnerability before April 2014 are wrong." The statement goes on to say that "if the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL." The NSA does not usually couch its statements or denials in such direct and unequivocal language.

by MacNN Staff



  1. afaby

    Fresh-Faced Recruit

    Joined: 07-18-05

    Suuuuure. We believe you.

  1. ricardogf

    Fresh-Faced Recruit

    Joined: 01-13-03

    Of course, NSA - we trust every single word you utter 150%...NOT.


    Fresh-Faced Recruit

    Joined: 12-18-07

    America has destroyed itself, in the name of terrorism.

  1. apostle

    Junior Member

    Joined: 04-16-08

    America. Where the inmates run the asylum. Voting in an election should be a privilege granted the educated and informed. Not a "right" granted every miscreant with a bone to pick.

  1. Mike Wuerthele

    Managing Editor

    Joined: 07-19-12

    Originally Posted by apostleView Post

    America. Where the inmates run the asylum. Voting in an election should be a privilege granted the educated and informed. Not a "right" granted every miscreant with a bone to pick.

    I think its got more to do with our "sucks less than the other guy" choices we have to make.

  1. DiabloConQueso

    Fresh-Faced Recruit

    Joined: 06-11-08

    "Voting in an election should be a privilege granted the educated and informed. Not a 'right' granted every miscreant with a bone to pick."

    If ever there was a slope, this would be the slipperiest of them.

  1. Flying Meat

    Dedicated MacNNer

    Joined: 01-25-07

    It's a stupid slope too. Having to pass someone's test in order to vote is a simple minded approach to presumably your desired end, an educated and informed public. It couldn't be much less supportive.
    I can tell you for certain that there are tons of educated informed people making the dumbest decisions on a regular basis. ...much like floating this very idea. Your idea doesn't help in any way. Period.
    Maybe you could get some buy in by adding a test for benevolent and moral grounding. I still think it's a stupid idea.

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented