Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Google Knew About Heartbleed and Didnít Tell the Government
National Journal ^ | April 14, 2014 | Brendan Sasso

Posted on 04/16/2014 12:55:45 PM PDT by george76

Federal systems remained vulnerable to hackers even after researchers identified the bug.

Google knew about a critical flaw in Internet security, but it didn't alert anyone in the government.

Neel Mehta, a Google engineer, first discovered "Heartbleed"—a bug that undermines the widely used encryption technology OpenSSL—some time in March. A team at the Finnish security firm Codenomicon discovered the flaw around the same time. Google was able to patch most of its services—such as email, search, and YouTube—before the companies publicized the bug on April 7.

The researchers also notified a handful of other companies about the bug before going public. The security firm CloudFlare, for example, said it fixed the flaw on March 31.

But the White House said Friday that no one in the federal government knew about the problem until April. The administration made the statement to deny an earlier Bloomberg report that the National Security Agency had been exploiting Heartbleed for years.

...

over the past eight months, many companies have taken a real hard look at their existing policies about tipping off the U.S. government," he said. "That's the price you pay when you're acting like an out-of-control offensive adversary."

(Excerpt) Read more at nationaljournal.com ...


TOPICS: Business/Economy; Crime/Corruption; Government; News/Current Events
KEYWORDS: cybersecurity; google; govtabuse; heartbleed; internet; internetsecurity; nsa; nsascandals; obama; security; snooping; spying; tyranny

1 posted on 04/16/2014 12:55:45 PM PDT by george76
[ Post Reply | Private Reply | View Replies]

To: george76
Google Knew About Heartbleed and Didn’t Tell the Government

So?

2 posted on 04/16/2014 1:00:06 PM PDT by WayneS (Help Control Politician Overpopulation - Spay or Neuter Your Senator or Congressman Today!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: george76

Google is the government.


3 posted on 04/16/2014 1:00:44 PM PDT by dead (I've got my eye out for Mullah Omar.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: george76

Truth be told it was probably created in the bowels of the NSA...


4 posted on 04/16/2014 1:00:48 PM PDT by VRWCarea51
[ Post Reply | Private Reply | To 1 | View Replies]

To: george76
over the past eight months, many companies have taken a real hard look at their existing policies about tipping off the U.S. government," he said. "That's the price you pay when you're acting like an out-of-control offensive adversary."
 

Mega-dittoes on that. And if the government didn't know, then were are their NSA goons and spies?

5 posted on 04/16/2014 1:00:53 PM PDT by Responsibility2nd (NO LIBS. This Means Liberals and (L)libertarians! Same Thing. NO LIBS!!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: george76

NSA reportedly knew about it at least 2 years ago.

http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html


6 posted on 04/16/2014 1:02:12 PM PDT by MulberryDraw (Repeal it.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: MulberryDraw

We spend umpity-umpteen billion dollars on the NSA every year, but yet the government has to rely on Google to find this stuff and tell them about it?


7 posted on 04/16/2014 1:08:48 PM PDT by Buckeye McFrog
[ Post Reply | Private Reply | To 6 | View Replies]

To: george76

http://blog.cryptographyengineering.com/2014/04/attack-of-week-openssl-heartbleed.html

http://blog.cryptographyengineering.com/2013/12/a-few-more-notes-on-nsa-random-number.html

http://en.wikipedia.org/wiki/Dual_EC

http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html

Yes, it’s gone on for decades.


8 posted on 04/16/2014 1:14:29 PM PDT by PieterCasparzen (We have to fix things ourselves)
[ Post Reply | Private Reply | To 1 | View Replies]

To: george76

I am sending a bill for the US’s HIPAA violation and I am being kind as I am assessing them at the lowest threshold $100/per violation. Let’s see 319 million people x $100= approx $32 billion dollars.

Make the check out to cash and I will be out to pick it up the end of next week.


9 posted on 04/16/2014 1:17:15 PM PDT by Cyman (We have to pass it to see what's in it= definition of stool sample)
[ Post Reply | Private Reply | To 1 | View Replies]

To: george76

Google came out of Stanford, which has ancient ties with CIA, even older ties with globalist financial elites.


10 posted on 04/16/2014 1:17:38 PM PDT by PieterCasparzen (We have to fix things ourselves)
[ Post Reply | Private Reply | To 1 | View Replies]

To: VRWCarea51
From the WIKI article,

In 2011, Robin Seggelmann, then a Ph.D. student at the University of Duisburg-Essen, implemented the Heartbeat Extension for OpenSSL. Following Seggelmann's request to put the result of his work into OpenSSL, his change was reviewed by Stephen N. Henson, one of OpenSSL's four core developers.
Henson apparently failed to notice a bug in Seggelmann's implementation, and introduced the resulting vulnerability, Heartbleed, into OpenSSL's source code repository on December 31, 2011.
Heartbeat support was enabled by default, causing affected versions to be affected by default. The vulnerable code has been adopted to widespread use with the release of OpenSSL version 1.0.1 on March 14, 2012.

11 posted on 04/16/2014 1:19:21 PM PDT by Dalberg-Acton
[ Post Reply | Private Reply | To 4 | View Replies]

To: george76

There are probably at least a couple of hundred, if not THOUSANDS of people who have had their personal information stolen due to this KNOWN issue, but who wants to bet that Google’s CEO won’t be standing in front of any Congressional hearings about exposing every computer owner in America to such easy theft!!


12 posted on 04/16/2014 1:49:25 PM PDT by ExTxMarine (PRAYER: It's the only HOPE for real CHANGE in America!)
[ Post Reply | Private Reply | To 1 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson