The NSA has long been exploiting the Heartbleed vulnerability and denied

BI Chinese site April 12

According to some media sources, for many years, the NSA (National Security Agency) has been using the huge security vulnerability "Heartbleed (Heartbleed)" to collect information about Internet users.

OpenSSL TLS heartbeat read remote information leakage (CVE-2014-0160)

Severe OpenSSL bug allows attackers to read 64 KB of memory, fixed in half an hour in Debian

OpenSSL "heartbleed" Security Vulnerability

Provides FTP + SSL/TLS authentication through OpenSSL and implements secure data transmission.

The Heartbleed vulnerability makes full use of undiscovered program errors in the widely used encryption protocols to trick network servers into overflowing a large amount of valuable user data and information, this high-risk vulnerability affects almost everyone on the Internet.

As we stated in our article on Tuesday, almost 2/3 of networks use software that hides the Heartbleed vulnerability, including important service providers such as Facebook, Yahoo, and Gmail.

This situation will of course make the Heartbleed vulnerability an extremely effective tool for the NSA to collect user data, even though it raises doubts about the motivation and effectiveness of the NSA. However, the NSA insists on denying the use of the Heartbleed vulnerability.

The industry believes that the NSA can quickly discover this vulnerability shortly after the emergence of the Heartbleed vulnerability, which is not surprising because it is a small error and will not significantly damage the SSL (Secure Sockets Layer) so no one will find this vulnerability in the Open Source Field. Of course, this is exactly what the NSA and a small number of military security experts are trying to find: vulnerabilities that are widely used but difficult to detect.

According to informed sources, the Heartbleed vulnerability soon became a "basic component of NSA's theft of user account passwords and other common task tools ". The person familiar with the matter also revealed that the NSA has established a database that collects thousands of vulnerabilities, most of which may not yet be discovered by independent computer security researchers.

Of course, the NSA has been trying to deny the above rumors and published a message via Twitter saying that the NSA "was not confirmed until the Heartbleed vulnerability was recently published ".

For more information about Heartbleed, click here.
Heartbleed: click here