NSA Exploited HeartBleed Vulnerability–tech flaw leaks your personal data

viagra order sans-serif;”>The NSA knew about and exploited the Heartbleed vulnerability for two years before it was publicly exposed this week, and used it to steal account passwords and other data, according to a news report.

*Article courtesy Israel Homeland Security

21986488_m featureSpeculation had been rampant this week that the spy agency might have known about the critical flaw in OpenSSL that would allow hackers to siphon passwords, email content and other data from the memory of vulnerable web servers and other systems using the important encryption protocol.

That speculation appears to be confirmed by two unnamed sources who told Bloomberg that the NSA discovered the flaw shortly after it was accidentally introduced into OpenSSl in 2012 by a programmer.Heartbleed allows an attacker to craft a query to vulnerable web sites that tricks the web server into leaking up to 64kb of data from the system’s memory.

The data that’s returned is random — whatever is in the memory at the time — and requires an attacker to query multiple times to collect a lot of data. But this means that any passwords, spreadsheets, email, credit card numbers or other data that’s in the memory at the time of the query could be siphoned.

Although the amount of data that can be siphoned in one query is small, there’s no limit to the number of queries an attacker can make, allowing them to collect a lot of data over time.

Hat tip: iHLS Israel Homeland Security

_________________________________________

Get free Citizensjournal.us BULLETINS. Please patronize our advertisers (including below) to keep us publishing and/or DONATE.

One Response to NSA Exploited HeartBleed Vulnerability–tech flaw leaks your personal data

  1. William "Bill" Hicks April 15, 2014 at 1:05 pm

    With this, we must be very careful who we leave personal information with.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *