Because Ron Paul and Edward Snowden made a bad, or something.

With boxes in the garage. I'm pretty sure.

Therefor there's nothing to see here.

Cause that's relevant, ya know

Get your priorities straight!

What a load of shit.

something the NSA says, what can you trust? They'd NEVER lie about something like that, huh?

... they wouldn't stand right in front of Congress and lie their ass off. You can trust these guys, they are the smartest in the room.

Or maybe not. Wouldn't surprise me a bit to learn this was being used by the national security apparatus as a back door. This shit is out of control.

Anyone can contribute, and if the flaw is subtle enough, and the person submitting the code isn't obviously someone from the NSA, then no one is the wiser.

It would not surprise me in the slightest to find out that the flaw was contributed intentionally.

But my company got the last laugh -- the version of OpenSSL that we use is so old, it predates the flaw, so we're safe.

Closed source is easily bought off behind closed doors.

... so old it has the old version of OpenSSL.

A whole new arms race.

How do we get back to that bliss? Double martini dry and up plez.

Is it worth it since they already sucked everything up? What about our online forms like folks filling out forms for the ACA, Social Security, Medicaid, Medicare, Banking, Taxes, Medical forms doctors all want us to fill out and send online.

Which is secure and which isn't. Does it matter at this point? Especially us non-tech people just don't know which is secure SSL and which is Open. Are Firefox and Thunderbird Vulnerable because they are Open Source? Should I switch back to Microsoft instead?

Anyway...this all is good news in a way if it keeps the NSA out of our privacy in the future.

And Thank yYou Edward Snowden..!

apparently in the server software, not your own machine (unless you serve up websites or other servers from your machine, such as a database, for instance). As such, it doesn't really matter if your machine (the 'client') uses linux, windows, or whatever.

I'd change passwords on major sites first, especially your email password, since most other sites send your change requests to the email address on file. Then I'd change credit card and banking site passwords, then bills you pay online.

But let's face it, bugs like this reveal the flaw in simply having to sign in with accounts at so many different websites - if you're like me, you've got all sorts of passwords on accounts on websites you may have used exactly once in your life, to order something online, including sites you to which you never plan to return, but offered you no ability to delete your account, or to set them to 'disable all logins on account'.

Because if it was, the President could put an end to all NSA excesses with a pen and a phone call.

Oh...wait a minute. The NSA is in the executive branch. Bernie S., Dennis K., anybody, please help.

I don't recall Greenwald complaining about heartbleed when Bush was in office. something something libertarian derp.

""



""

doesn't show the money they gave to the DLC. I wonder why that is?

Koch Industries gave funding to the DLC and served on its Executive Council
http://americablog.com/2010/08/koch-industries-gave-funding-to-the-dlc-and-served-on-its-executive-council.html

But, here’s a key piece of information: the Kochs haven’t just given to right-wingers. Back in April of 2001, The American Prospect’s Bob Dreyfuss reported that the Kochs also funded the Democratic Leadership Council (DLC):

And for $25,000, 28 giant companies found their way onto the DLC’s executive council, including Aetna, AT&T;, American Airlines, AIG, BellSouth, Chevron, DuPont, Enron, IBM, Merck and Company, Microsoft, Philip Morris, Texaco, and Verizon Communications. Few, if any, of these corporations would be seen as leaning Democratic, of course, but here and there are some real surprises. One member of the DLC’s executive council is none other than Koch Industries, the privately held, Kansas-based oil company whose namesake family members are avatars of the far right, having helped to found archconservative institutions like the Cato Institute and Citizens for a Sound Economy. Not only that, but two Koch executives, Richard Fink and Robert P. Hall III, are listed as members of the board of trustees and the event committee, respectively–meaning that they gave significantly more than $25,000.

The DLC board of trustees is an elite body whose membership is reserved for major donors, and many of the trustees are financial wheeler-dealers who run investment companies and capital management firms–though senior executives from a handful of corporations, such as Koch, Aetna, and Coca-Cola, are included.

...

Oh, well. Keep up the Greenwald/Snowden/libertarian/Koch guilty by association smear.

That's just a Very Sensible graphic. if the octopus had nine arms there may have been a space to include the Koch bros/DLC relationship.

Everyone on DU needs to know this.

when Nixon was in office. Nice try though.

Would need a sarcasm tag. The "something something libertarian derp" kinda made me think the poster was being sarcastic.

Also suggested such a vulnerability existed months ago...

We live in interesting times, that's for certain!

then when they found this bug two years ago they would have immediately alerted the affected site owners so that American citizens' data was protected.

They apparently did not, so that tells us a little bit about what the NSA's job isn't.

Seems apropos.

will put a stop to this crap.

... a bug in open source code? Seems a bit draconian to me.

Remind them of how the NSA was all "Trust us, defense is our first priority" when it came to computer security.

I guess they worry about my defense pretty just like a Russian cybercriminal. It's an obstacle to overcome.

The word "critical " is a judgment here. Editorializing. Not objective. Not in quotes. Not attributed.

It should have been written with this phrase: "...considered critical intelligence by those familiar with..."

It is not precisely written, if the meaning is what you assume it is.

Look people, none of this is true. If you believe anything in this post, or in any news media, then you're just a HATER and nobody can ever live up to your purity tests.

Regards,

TWM

Abolish the NSA and CIA.

They build applications around them and have a strong incentive not to fix them or have the vendors fix them. That state of affairs puts us all at risk. Far from protecting the American public they are putting us further at risk.

I would trust the inside sources over the NSA spokesperson. Remember what the NSA was saying about the scope of the surveillance when the Snowden info was just coming out? Not a reputable organization.

our throats if they could do it to maintain their power and control.

You know, it's for our own security, of course.

Goddamn the NSA apologists.

From the OP article, which does identify or link to any earlier Bloomberg article:

The NSA said in response to a Bloomberg News article that it wasn’t aware of Heartbleed until the vulnerability was made public by a private security report. The agency’s reported decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts.

http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html

If Bloomberg is making it up, I think there could be legal consequences, so your assertion that it is false information is well lets just say, FUD fail, and I do not love anyone except myself first ...

I would look to the reporter for Bloomberg ... and make your claim that he/she is making this up ...

the information is at the bottom of the article.

Or maybe you already did that?

...at least when considered in conjunction with your longstanding and full-throated defense of those criminal fucks.

That means it didn't happen, what more do you need?


I mean, if I burn down a building and then deny that I started the fire, I technically didn't burn it down. It's called the transitive Snowdensian property.