NSA Used the Heartbleed Bug to steal passwords

By | April 13, 2014

Report: NSA Exploited Heartbleed to Siphon Passwords for Two Years

Image: Codenomicon

The NSA knew about and exploited the Heartbleed vulnerability for two years before it was publicly exposed this week, and used it to steal account passwords and other data, according to a news report.

Speculation had been rampant this week that the spy agency might have known about the critical flaw in OpenSSL that would allow hackers to siphon passwords, email content and other data from the memory of vulnerable web servers and other systems using the important encryption protocol.

That speculation appears to be confirmed by two unnamed sources who told Bloomberg that the NSA discovered the flaw shortly after it was accidentally introduced into OpenSSl in 2012 by a programmer.

The flaw “became a basic part of the agency’s toolkit for stealing account passwords and other common tasks,” the publication reports. [See NSA response …)

Read the entire article on Wired

Leave a Reply

Your email address will not be published. Required fields are marked *

HTML Snippets Powered By : XYZScripts.com