That Terrible, No Good, Horrible Internet Security Flaw You've been Hearing About? The NSA Exploited it.
Well, this is just great. The Heartbleed security flaw impacts a whole lot of web sites that everyone believed were secure. The NSA knew about it at least two years ago, but rather than alert Americans (and the rest of the world, of course) about it so that we could protect ourselves, No Such Agency decided that the flaw was a feature, and not a bug.
Heartbleed appears to be one of the biggest glitches in the Internet’s history, a flaw in the basic security of as many as two-thirds of the world’s websites. Its discovery and the creation of a fix by researchers five days ago prompted consumers to change their passwords, the Canadian government to suspend electronic tax filing and computer companies including Cisco Systems Inc. to Juniper Networks Inc. to provide patches for their systems.
Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost. Millions of ordinary users were left vulnerable to attack from other nations’ intelligence arms and criminal hackers.
What's our government supposed to do? Oh right, provide for the common defense of its citizens. One would think that defending citizens against criminal hackers and who knows who internationally would have been part of that. Apparently not.