SUBSCRIBE TO OUR FREE NEWSLETTER
Daily news & progressive opinion—funded by the people, not the corporations—delivered straight to your inbox.
5
#000000
#FFFFFF
To donate by check, phone, or other method, see our More Ways to Give page.
Daily news & progressive opinion—funded by the people, not the corporations—delivered straight to your inbox.
The American intelligence community is forcefully denying reports that the National Security Agency has long known about the Heartbleed bug, a catastrophic vulnerability inside one of the most widely-used encryption protocols upon which we rely every day to secure our web communications. But the denial itself serves as a reminder that NSA's two fundamental missions - one defensive, one offensive - are fundamentally incompatible, and that they can't both be handled credibly by the same government agency.
In case you've spent the past week under a rock, Heartbleed is the name security researchers have given to a subtle but serious bug in OpenSSL, a popular version of the Transport Layer Security (TLS) protocol - successor to the earlier Secore Sockets Layer (SSL) - that safeguards Internet traffic from prying eyes. When you log in to your online banking account or webmail service, the little lock icon that appears in your browser means SSL/TLS is scrambling the data to keep aspiring eavesdroppers away from your personal information. But an update to OpenSSL rolled out over two years ago contained a bug that would allow a hacker to trick sites into leaking information - including not only user passwords, but the master encryption keys used to secure all the site's traffic and verify that you're actually connected to MyBank.com rather than an impostor.
It's exactly the kind of bug you'd expect NSA to be on the lookout for, since documents leaked by Edward Snowden confirm that the agency has long been engaged in an "aggressive, multi-pronged effort to break widely used Internet encryption technologies". In fact, that effort appears to have yielded a major breakthrough against SSL/TLS way back in 2010, two years before the Heartbleed bug was introduced - a revelation that sparked a flurry of speculation among encryption experts, who wondered what hidden flaw the agency had found in the protocol so essential to the Internet's security.
Read the rest of this article at The Guardian...
Common Dreams is powered by optimists who believe in the power of informed and engaged citizens to ignite and enact change to make the world a better place. We're hundreds of thousands strong, but every single supporter makes the difference. Your contribution supports this bold media model—free, independent, and dedicated to reporting the facts every day. Stand with us in the fight for economic equality, social justice, human rights, and a more sustainable future. As a people-powered nonprofit news outlet, we cover the issues the corporate media never will. |
The American intelligence community is forcefully denying reports that the National Security Agency has long known about the Heartbleed bug, a catastrophic vulnerability inside one of the most widely-used encryption protocols upon which we rely every day to secure our web communications. But the denial itself serves as a reminder that NSA's two fundamental missions - one defensive, one offensive - are fundamentally incompatible, and that they can't both be handled credibly by the same government agency.
In case you've spent the past week under a rock, Heartbleed is the name security researchers have given to a subtle but serious bug in OpenSSL, a popular version of the Transport Layer Security (TLS) protocol - successor to the earlier Secore Sockets Layer (SSL) - that safeguards Internet traffic from prying eyes. When you log in to your online banking account or webmail service, the little lock icon that appears in your browser means SSL/TLS is scrambling the data to keep aspiring eavesdroppers away from your personal information. But an update to OpenSSL rolled out over two years ago contained a bug that would allow a hacker to trick sites into leaking information - including not only user passwords, but the master encryption keys used to secure all the site's traffic and verify that you're actually connected to MyBank.com rather than an impostor.
It's exactly the kind of bug you'd expect NSA to be on the lookout for, since documents leaked by Edward Snowden confirm that the agency has long been engaged in an "aggressive, multi-pronged effort to break widely used Internet encryption technologies". In fact, that effort appears to have yielded a major breakthrough against SSL/TLS way back in 2010, two years before the Heartbleed bug was introduced - a revelation that sparked a flurry of speculation among encryption experts, who wondered what hidden flaw the agency had found in the protocol so essential to the Internet's security.
Read the rest of this article at The Guardian...
The American intelligence community is forcefully denying reports that the National Security Agency has long known about the Heartbleed bug, a catastrophic vulnerability inside one of the most widely-used encryption protocols upon which we rely every day to secure our web communications. But the denial itself serves as a reminder that NSA's two fundamental missions - one defensive, one offensive - are fundamentally incompatible, and that they can't both be handled credibly by the same government agency.
In case you've spent the past week under a rock, Heartbleed is the name security researchers have given to a subtle but serious bug in OpenSSL, a popular version of the Transport Layer Security (TLS) protocol - successor to the earlier Secore Sockets Layer (SSL) - that safeguards Internet traffic from prying eyes. When you log in to your online banking account or webmail service, the little lock icon that appears in your browser means SSL/TLS is scrambling the data to keep aspiring eavesdroppers away from your personal information. But an update to OpenSSL rolled out over two years ago contained a bug that would allow a hacker to trick sites into leaking information - including not only user passwords, but the master encryption keys used to secure all the site's traffic and verify that you're actually connected to MyBank.com rather than an impostor.
It's exactly the kind of bug you'd expect NSA to be on the lookout for, since documents leaked by Edward Snowden confirm that the agency has long been engaged in an "aggressive, multi-pronged effort to break widely used Internet encryption technologies". In fact, that effort appears to have yielded a major breakthrough against SSL/TLS way back in 2010, two years before the Heartbleed bug was introduced - a revelation that sparked a flurry of speculation among encryption experts, who wondered what hidden flaw the agency had found in the protocol so essential to the Internet's security.
Read the rest of this article at The Guardian...