NSA Says It Knew Nothing About Heartbleed
The National Security Agency denied that it previously knew of the Heartbleed bug, responding to press reports.
"Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong," said NSA. "The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report. The Federal government relies on OpenSSL to protect the privacy of users of government websites and other online services. This Administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable Internet. If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL."
Bloomberg reported earlier Friday that the NSA knew of the bug in the widely used encryption tool called OpenSSL for at least two years and exploited it to gather intelligence.
Security researchers have called Heartbleed one of the biggest flaws in the Internet's history, as it affects apps, web servers, networking hardware, email services and more.
Bloomberg reported earlier Friday that the NSA knew of the bug in the widely used encryption tool called OpenSSL for at least two years and exploited it to gather intelligence.
Security researchers have called Heartbleed one of the biggest flaws in the Internet's history, as it affects apps, web servers, networking hardware, email services and more.