Posted on 04/16/2014 12:55:45 PM PDT by george76
Federal systems remained vulnerable to hackers even after researchers identified the bug.
Google knew about a critical flaw in Internet security, but it didn't alert anyone in the government.
Neel Mehta, a Google engineer, first discovered "Heartbleed"—a bug that undermines the widely used encryption technology OpenSSL—some time in March. A team at the Finnish security firm Codenomicon discovered the flaw around the same time. Google was able to patch most of its services—such as email, search, and YouTube—before the companies publicized the bug on April 7.
The researchers also notified a handful of other companies about the bug before going public. The security firm CloudFlare, for example, said it fixed the flaw on March 31.
But the White House said Friday that no one in the federal government knew about the problem until April. The administration made the statement to deny an earlier Bloomberg report that the National Security Agency had been exploiting Heartbleed for years.
...
over the past eight months, many companies have taken a real hard look at their existing policies about tipping off the U.S. government," he said. "That's the price you pay when you're acting like an out-of-control offensive adversary."
(Excerpt) Read more at nationaljournal.com ...
So?
Google is the government.
Truth be told it was probably created in the bowels of the NSA...
Mega-dittoes on that. And if the government didn't know, then were are their NSA goons and spies?
NSA reportedly knew about it at least 2 years ago.
We spend umpity-umpteen billion dollars on the NSA every year, but yet the government has to rely on Google to find this stuff and tell them about it?
http://blog.cryptographyengineering.com/2014/04/attack-of-week-openssl-heartbleed.html
http://blog.cryptographyengineering.com/2013/12/a-few-more-notes-on-nsa-random-number.html
http://en.wikipedia.org/wiki/Dual_EC
http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html
Yes, it’s gone on for decades.
I am sending a bill for the US’s HIPAA violation and I am being kind as I am assessing them at the lowest threshold $100/per violation. Let’s see 319 million people x $100= approx $32 billion dollars.
Make the check out to cash and I will be out to pick it up the end of next week.
Google came out of Stanford, which has ancient ties with CIA, even older ties with globalist financial elites.
In 2011, Robin Seggelmann, then a Ph.D. student at the University of Duisburg-Essen, implemented the Heartbeat Extension for OpenSSL. Following Seggelmann's request to put the result of his work into OpenSSL, his change was reviewed by Stephen N. Henson, one of OpenSSL's four core developers.
Henson apparently failed to notice a bug in Seggelmann's implementation, and introduced the resulting vulnerability, Heartbleed, into OpenSSL's source code repository on December 31, 2011.
Heartbeat support was enabled by default, causing affected versions to be affected by default. The vulnerable code has been adopted to widespread use with the release of OpenSSL version 1.0.1 on March 14, 2012.
There are probably at least a couple of hundred, if not THOUSANDS of people who have had their personal information stolen due to this KNOWN issue, but who wants to bet that Google’s CEO won’t be standing in front of any Congressional hearings about exposing every computer owner in America to such easy theft!!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.