Technology Updates<br />
Heartbleed bug denial by NSA and White House<br />
Posted by Anonymous, 2014-04-14<br />
<div class="introduction" id="story_continues_1" style="background-color: white; clear: left; color: #333333; font-family: Arial, Helmet, Freesans, sans-serif; font-size: 1.077em; font-weight: bold; line-height: 18px; margin-bottom: 18px; padding: 0px; text-rendering: auto;">
The US National Security Agency has denied it knew about or exploited the Heartbleed online security flaw.</div>
<div style="background-color: white; clear: left; color: #333333; font-family: Arial, Helmet, Freesans, sans-serif; font-size: 1.077em; line-height: 18px; margin-bottom: 18px; padding: 0px; text-rendering: auto;">
The denial came after a <a href="http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html" style="color: #4a7194; font-weight: bold; line-height: 16px; text-decoration: none;" title="Bloomberg News report">Bloomberg News</a> report alleging the NSA used the flaw in OpenSSL to harvest data.</div>
<div style="background-color: white; clear: left; color: #333333; font-family: Arial, Helmet, Freesans, sans-serif; font-size: 1.077em; line-height: 18px; margin-bottom: 18px; padding: 0px; text-rendering: auto;">
OpenSSL is online-data scrambling software used to protect data such as passwords sent online.</div>
<div style="background-color: white; clear: left; color: #333333; font-family: Arial, Helmet, Freesans, sans-serif; font-size: 1.077em; line-height: 18px; margin-bottom: 18px; padding: 0px; text-rendering: auto;">
Last year, NSA leaker Edward Snowden claimed the organisation <a href="http://www.bbc.co.uk/news/technology-24173977" style="color: #4a7194; font-weight: bold; line-height: 16px; text-decoration: none;" title="RSA warns over NSA link to encryption algorithm">deliberately introduced</a> vulnerabilities to security software.</div>
<div class="story-feature wide " style="background-color: white; clear: right; color: #505050; display: inline; float: right; font-family: Arial, Helmet, Freesans, sans-serif; font-size: 13px; line-height: 16px; margin: 0px -160px 16px 16px; overflow: hidden; position: relative; width: 304px;">
<h2 style="border-bottom-color: rgb(216, 216, 216); border-bottom-style: solid; border-bottom-width: 1px; border-top-color: rgb(216, 216, 216); border-top-style: solid; border-top-width: 1px; font-size: 1.231em; margin: 0px 0px 8px; padding: 11px 0px 12px; text-rendering: optimizelegibility;">
'A mistake'</h2>
<div style="clear: left; margin-bottom: 12px; padding: 0px; text-rendering: auto;">
A German computer programmer has accepted responsibility for the emergence of the Heartbleed bug, according to a report in the Sydney Morning Herald.</div>
<div style="clear: left; margin-bottom: 12px; padding: 0px; text-rendering: auto;">
Robin Seggelmann, a 31-year-old from Oelde - 120 miles (193km) north of Frankfurt - is reported to have made the mistake while trying to improve the OpenSSL cryptographic library on 31 December 2011.</div>
<div style="clear: left; margin-bottom: 12px; padding: 0px; text-rendering: auto;">
"It's tempting to assume that, after the disclosure of the spying activities of the NSA and other agencies, but in this case it was a simple programming error in a new feature, which unfortunately occurred in a security-relevant area," he told Fairfax Media.</div>
<div style="clear: left; margin-bottom: 12px; padding: 0px; text-rendering: auto;">
"It was not intended at all, especially since I have previously fixed OpenSSL bugs myself, and was trying to contribute to the project."</div>
<ul class="links-list" style="border-top-color: rgb(232, 232, 232); border-top-style: solid; border-top-width: 1px; clear: both; list-style: none; margin: 0px 0px 16px; padding: 7px 0px 0px;">
<li style="background-image: none; font-size: 1em; margin: 0px 0px 8px; padding: 0px; position: relative; text-rendering: auto;"><a href="http://www.smh.com.au/it-pro/security-it/who-is-robin-seggelmann-and-did-his-heartbleed-break-the-internet-20140411-zqtjj.html" style="color: #174f82; font-weight: bold; text-decoration: none;">Sydney Morning Herald</a></li>
</ul>
</div>
<div id="story_continues_2" style="background-color: white; clear: left; color: #333333; font-family: Arial, Helmet, Freesans, sans-serif; font-size: 1.077em; line-height: 18px; margin-bottom: 18px; padding: 0px; text-rendering: auto;">
The bug, which allows hackers to snatch chunks of data from systems protected by OpenSSL, was revealed by researchers working for Google and a small Finnish security firm, Codenomicon, earlier this month.</div>
<div style="background-color: white; clear: left; color: #333333; font-family: Arial, Helmet, Freesans, sans-serif; font-size: 1.077em; line-height: 18px; margin-bottom: 18px; padding: 0px; text-rendering: auto;">
OpenSSL is used by roughly two-thirds of all websites and the glitch existed for more than two years, making it one of the most serious internet security flaws to be uncovered in years.</div>
<div style="background-color: white; clear: left; color: #333333; font-family: Arial, Helmet, Freesans, sans-serif; font-size: 1.077em; line-height: 18px; margin-bottom: 18px; padding: 0px; text-rendering: auto;">
"[The] NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cyber security report," NSA spokeswoman Vanee Vines said in an email, adding that "reports that say otherwise are wrong."</div>
<div style="background-color: white; clear: left; color: #333333; font-family: Arial, Helmet, Freesans, sans-serif; font-size: 1.077em; line-height: 18px; margin-bottom: 18px; padding: 0px; text-rendering: auto;">
A White House official also denied the US government was aware of the bug.</div>
<div class="caption" style="background-color: white; clear: both; color: #505050; display: inline; float: right; font-family: Arial, Helmet, Freesans, sans-serif; font-size: 13px; line-height: 16px; margin: 0px -160px 16px 16px; position: relative;">
<img alt="Heartbleed logo" height="360" src="http://news.bbcimg.co.uk/media/images/74129000/png/_74129634_blee.png" style="-webkit-user-select: none; border: 0px; font-style: italic; letter-spacing: 0px; position: relative;" width="336" /></div>
<div style="background-color: white; clear: left; color: #333333; font-family: Arial, Helmet, Freesans, sans-serif; font-size: 1.077em; line-height: 18px; margin-bottom: 18px; padding: 0px; text-rendering: auto;">
"Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong," White House national security spokeswoman Caitlin Hayden said in a statement.</div>
<div style="background-color: white; clear: left; color: #333333; font-family: Arial, Helmet, Freesans, sans-serif; font-size: 1.077em; line-height: 18px; margin-bottom: 18px; padding: 0px; text-rendering: auto;">
"This administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable internet," she insisted, adding: "If the federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL."</div>
<div style="background-color: white; clear: left; color: #333333; font-family: Arial, Helmet, Freesans, sans-serif; font-size: 1.077em; line-height: 18px; margin-bottom: 18px; padding: 0px; text-rendering: auto;">
Bloomberg, citing two people it said were familiar with the matter, said the NSA secretly made Heartbleed part of its "arsenal", to obtain passwords and other data.</div>
<div style="background-color: white; clear: left; color: #333333; font-family: Arial, Helmet, Freesans, sans-serif; font-size: 1.077em; line-height: 18px; margin-bottom: 18px; padding: 0px; text-rendering: auto;">
It claimed the agency has more than 1,000 experts devoted to finding such flaws - who found the Heartbleed glitch shortly after its introduction.</div>
<div style="background-color: white; clear: left; color: #333333; font-family: Arial, Helmet, Freesans, sans-serif; font-size: 1.077em; line-height: 18px; margin-bottom: 18px; padding: 0px; text-rendering: auto;">
The claim has unsettled many.</div>
<div style="background-color: white; clear: left; color: #333333; font-family: Arial, Helmet, Freesans, sans-serif; font-size: 1.077em; line-height: 18px; margin-bottom: 18px; padding: 0px; text-rendering: auto;">
"If the NSA really knew about Heartbleed, they have some *serious* explaining to do," cryptographer Matthew Green said on Twitter.</div>
<div style="background-color: white; clear: left; color: #333333; font-family: Arial, Helmet, Freesans, sans-serif; font-size: 1.077em; line-height: 18px; margin-bottom: 18px; padding: 0px; text-rendering: auto;">
The agency was already in the spotlight after months of revelations about its huge data-gathering capabilities.</div>
<div style="background-color: white; clear: left; color: #333333; font-family: Arial, Helmet, Freesans, sans-serif; font-size: 1.077em; line-height: 18px; margin-bottom: 18px; padding: 0px; text-rendering: auto;">
Documents leaked by former NSA contractor Edward Snowden indicated the organisation was routinely collecting vast amounts of phone and internet data, together with partner intelligence agencies abroad.</div>
<div style="background-color: white; clear: left; color: #333333; font-family: Arial, Helmet, Freesans, sans-serif; font-size: 1.077em; line-height: 18px; margin-bottom: 18px; padding: 0px; text-rendering: auto;">
President Barack Obama has ordered reforms that would halt government bulk collection of US telephone records, but critics argue this does not go far enough.</div>