Government Denies It Knew About, Abused Heartbleed Bug

Tyler Durden

And with this official denial we can be certain that Bloomberg's disgruntled NSA sources were right.

Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong. The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report. The Federal government relies on OpenSSL to protect the privacy of users of government websites and other online services. This Administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable Internet. If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.

 

When Federal agencies discover a new vulnerability in commercial and open source software – a so-called “Zero day” vulnerability because the developers of the vulnerable software have had zero days to fix it – it is in the national interest to responsibly disclose the vulnerability rather than to hold it for an investigative or intelligence purpose.

 

In response to the recommendations of the President’s Review Group on Intelligence and Communications Technologies, the White House has reviewed its policies in this area and reinvigorated an interagency process for deciding when to share vulnerabilities. This process is called the Vulnerabilities Equities Process. Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities.

Now if only the NSA can also release a fabricated YouTube clip proving it never knew about or abused any compromised network anywhere, then all will be promptly forgiven and forgotten.

 

Fri, 04/11/2014 - 16:55 | 4648989 Uncle Remus

It's not even very good bullshit.

Fri, 04/11/2014 - 16:59 | 4649000 Future Jim

<< I don't believe the US government in this case

<< I believe the US government in this case

Fri, 04/11/2014 - 17:02 | 4649032 McMolotov

"Trust no one."

Everything I needed to know I learned from The X-Files.

(RIP Deep Throat.)

Fri, 04/11/2014 - 17:15 | 4649081 Gen. Keith Alexander

We knew nothing about this!

Fri, 04/11/2014 - 17:27 | 4649124 free_lunch

When it is engineered it's called a feature!

 

Fri, 04/11/2014 - 17:55 | 4649219 edotabin

IIRC it was an "undocumented feature"?

Fri, 04/11/2014 - 19:15 | 4649437 Confused

The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report

 

So is this an admission that the NSA is NOT part of the Federal Government, and that they now operate on their own?

 


Fri, 04/11/2014 - 17:02 | 4649034 pods

National Security or law enforcement need?
Since when have these people ever been able to differentiate between a want and a need?

pods 

Fri, 04/11/2014 - 17:07 | 4649050 Postal

Same thing: If they want it, it automatically becomes a need.

Fri, 04/11/2014 - 17:52 | 4649212 midtowng

The NSA wouldn't lie to us. Spies are known for their honesty.

Sat, 04/12/2014 - 03:54 | 4650457 intric8

...said as they walk you into the fema detention facility, automatic weapons in hand

Fri, 04/11/2014 - 17:58 | 4649231 Kaiser Sousa

"A leak of the major findings of a landmark Senate inquiry into the CIA’s post-9/11 torture of terrorism detainees led, on Friday, to intensified pressure on the White House and the CIA to release the inquiry speedily and with a minimum of redactions.

The classified study, prepared by the Senate select committee on intelligence, concluded that the CIA’s interrogations, secret detentions and outsourced torture sessions were “brutal, and far worse than the agency communicated to policymakers.”

The conclusion that the CIA provided inaccurate information to the Justice Department reflects the findings of a top-secret investigation of the program by the CIA Inspector General’s Office that was triggered by allegations of abuse.

The CIA inspector general’s May 7, 2004, report, which was declassified, found that in waterboarding Zubaydah and Khalid Sheikh Mohammad, deemed the chief architect of the 9/11 attacks, the CIA went beyond the parameters it outlined to the Justice Department’s Office of Legal Counsel, which wrote the legal opinions.

Zubaydah was waterboarded 83 times, while Mohammad underwent the procedure 183 times.

Those cases clashed with the CIA’s assertion, outlined in the now-declassified top-secret August 2002 Office of Legal Counsel opinion, that repetition of the methods “will not be substantial because the techniques generally lose their effectiveness after several repetitions.”

http://www.mcclatchydc.com/2014/04/11/224085/cias-use-of-harsh-interroga...

Fri, 04/11/2014 - 18:52 | 4649400 ragemachinest

It's all in the last sentence, "Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities".

Fri, 04/11/2014 - 16:59 | 4649012 Future Jim

<< I don't believe the US government in general

<< I believe the US government in general

Fri, 04/11/2014 - 18:01 | 4649239 Dick Buttkiss

I repeat: "Everything the state says is a lie, and everything it has it has stolen." — Friedrich Nietzsche

Fri, 04/11/2014 - 17:00 | 4649017 Future Jim

<< I don't believe the US media in general

<< I believe the US media in general

Fri, 04/11/2014 - 17:16 | 4649089 PacOps

Sharyl Attkisson: When I'd Begin Getting Under Surface of an Obama Scandal, CBS Would Pull Me Off

"There is unprecedented, I believe, influence on the media, not just the news, but the images you see everywhere. By well-orchestrated and financed campaign of special interests, political interests and corporations. I think all of that comes into play."

 

http://www.truthrevolt.org/news/sharyl-attkisson-when-id-begin-getting-u...

Fri, 04/11/2014 - 17:12 | 4649064 TheGardener

I am a zero day exploit: I can read the human mind.

I am a zero hedge exploit, I can guess where my own mind should be headed while consuming ZH.

And, hold onto your non hedged seats, I used to crack code.

But before I'm flooded with headhunters' requests: just my own
and farts.

Sat, 04/12/2014 - 03:51 | 4650451 intric8

A hearty hello to the NSA lurkers hanging out here. Please don't create a dossier on me.

Fri, 04/11/2014 - 17:32 | 4649142 post turtle saver

Russia Denies It Knew About, Abused Heartbleed Bug

China Denies It Knew About, Abused Heartbleed Bug

India Denies It Knew About, Abused Heartbleed Bug

Japan Denies It Knew About, Abused Heartbleed Bug

Bulgaria Denies It Knew About, Abused Heartbleed Bug

Your Mom Denies It Knew About, Abused Heartbleed Bug

Tyler Denies He Beats His Wife

deeeeeeerrrrrrpp de derp

Fri, 04/11/2014 - 16:56 | 4648991 walküre

Awesome. It pretty much shut down the Canadian government websites this week until further notice. Canucks can't file their taxes. Why does this not happen in the US for once and for all?

Fri, 04/11/2014 - 18:07 | 4649256 Canuckistan Al

Well, that's one way to look at it..............

OR

Perhaps it's also true that those who have not yet filed will not get their refund checks anytime soon either?

Fri, 04/11/2014 - 19:18 | 4649443 Confused

According to Washington Post many people won't be getting their refunds in the US......Period. 

 

http://www.washingtonpost.com/politics/social-security-treasury-target-h...

Fri, 04/11/2014 - 21:40 | 4649855 walküre

..and so it begins. How many months does it buy them? Enough to ride out until QE4 gets announced?

Sat, 04/12/2014 - 13:59 | 4651413 JLee2027

".... the result of a single sentence tucked into the farm bill lifting the 10-year statute of limitations on old debts to Uncle Sam."

Exactly how child support debt collection started. A 1986 amendment by Bill Bradley stuck onto another bill that had nothing to do with it. An endless debt that never goes away until paid. Never talked about, debated or voted on directly, but has had horrific effects on American families and their children for decades. Tyranny...there is no other term for this.

These kinds of things must be forbidden when the Constitution is revised.

 

My proposed changes in the coming Convention of the States:

Clarifications and changes to the powers of the Legislative Branch.

 

(1) All members of Congress are required to fully read each Bill and all Amendments, in full view of Congress, before voting on them. Any member who fails to do so shall be subject to confirming investigation and permanently barred from public office by the Vice President or the Speaker of the House.

(2) Amendments to a subject Bill are limited to the scope of the Bill itself. One subject per Bill.

(3) Congress shall have no ability to exempt themselves from legislation.

(4) There shall be lifetime limits of 20 years service for the Senate and the House of Representatives.

(5) Federal Funding granted to any state is limited to 10% of that state's last budget minus previous funding.

(6) Taxation can only be applied to consumption, i.e. a national sales tax. This is a single tax and there can be no other tax. Congress controls only the tax percentage.

(7) Congress is a part-time job, limited to one meeting per Month over a weekend, outside of emergencies.

Fri, 04/11/2014 - 16:56 | 4648992 NOTaREALmerican

I believe them.

If you can't trust the US government, who can you trust?

Fri, 04/11/2014 - 17:01 | 4649024 McMolotov

"Believe nothing until it has been officially denied."

Fri, 04/11/2014 - 17:06 | 4649045 Badabing

Do you believe that's air you're breathing?

Fri, 04/11/2014 - 17:08 | 4649053 unrulian

+100

Fri, 04/11/2014 - 17:11 | 4649067 Doubleguns

It's diesel fumes. 

Fri, 04/11/2014 - 18:17 | 4649294 KnightTakesKing

100% pure chemtrails.

Fri, 04/11/2014 - 16:56 | 4648993 Ascend

Do they think their power provides immunity from the laws of the universe?

Fri, 04/11/2014 - 16:56 | 4648995 icanhasbailout

This is capital-T Treason.

Fri, 04/11/2014 - 16:56 | 4648998 Spumoni

I smell sump'n funny 'round here...smells like...................buuuuuullshit.

 

Every American citizen strike beginning 14 November 2014. 

Fri, 04/11/2014 - 16:58 | 4649004 Spumoni

Oh James, bring my Wellies...there's a good lad...and a noseclip!

Fri, 04/11/2014 - 16:59 | 4649013 WhiteWolf

It will come to you and your last vote..I mean bullet.  MAKE IT COUNT RIGHT SQUARE IN THE FOREHEAD OF AN OR A AGENT OR SPOOK.

Fri, 04/11/2014 - 17:00 | 4649016 WhiteWolf

Preferably AN IRS AGENT

Fri, 04/11/2014 - 17:02 | 4649027 Chuck Knoblauch

Feigning incompetence when caught in a lie is the scumbag's textbook response.

Fri, 04/11/2014 - 18:59 | 4649414 cynicalskeptic

Though government is notoriously incompetent, I noticed that they're actually VERY good at doing certain things when it is to their benefit. They're VERY good at blackmailing politicians and eliminating those who are not susceptible to such pressure.

'Feigning' incompetence is right because I really really doubt that there's a Sgt. Schultz level of  "I know NOTHING...." at work with these guys.   

Fri, 04/11/2014 - 17:02 | 4649030 firstdivision

Until Snowden releases that slide

Fri, 04/11/2014 - 17:13 | 4649073 Doubleguns

He becomes a bigger hero every day.

Fri, 04/11/2014 - 17:22 | 4649031 headhunt

.

Fri, 04/11/2014 - 17:03 | 4649036 PT

For those who need an explanation:

http://www.xkcd.com/1354/

I've made similar mistakes myself. 

Fri, 04/11/2014 - 17:11 | 4649065 seek

As have I. I've also submitted one-line kernel patches that have had probably 20 times more review than this did, so I think it's just a typical mistake that was missed by a woefully underfunded open source project.

Kind of ironic everyone is pissed about OpenSSL when you've got billion dollar companies using the software for free without having given it a single dime in funding or minute of their own developers' time and then being shocked that a bug got through review.

Fri, 04/11/2014 - 17:20 | 4649101 PT

Mind you when writing string checkers, you usually check the lengths before you bother to do anything else, and there's no reason to let the user tell you what those lengths are.

Sat, 04/12/2014 - 02:10 | 4650371 PT

You know, machine code is easy, machine code is fun, but it can be reeeeeeeeallly difficult getting hold of the vital little bits of information that you need.

Throughout my life there have been many people who asked me, "Why would you want to re-invent the wheel?" and they would look at me accusingly and I would look at them and think they just don't get it.  I was too taken aback to tell them that problems occur when someone else's wheel is a chair castor or a bicycle wheel and what you actually want is a set of mags for your V8.  Right now I want to round up all those fuckers and say, "SEEEEEEEE!!!!!!!!!  YOU STUPID FUCKWIT!  THIS IS WHAT HAPPENS WHEN YOU BRAINLESSLY TRUST SOMEONE ELSE'S WHEEL!!!!!!!!"

 

 

 

Aaah, good to get that off my chest.  I might do it again some time.

 

Fri, 04/11/2014 - 17:08 | 4649055 comob

Thank you for clearing that up Keith Alexander,

your integrity, just like your appointment, is unimpeachable.

Fri, 04/11/2014 - 17:12 | 4649068 pupdog1

Backed by the full faith and credit of General Clapper.

Fri, 04/11/2014 - 17:21 | 4649103 Doubleguns

That's right. He would not lie to us.

 

Clapper is just being more careful.

 

http://rt.com/usa/obama-dni-clapper-lie-485/

Fri, 04/11/2014 - 17:13 | 4649072 knotjammin2

OOOOOOOOOH!!!  So the spying and lying NSA say they didn't know!  Bullshit!! So we're supposed to believe them now. LMFAO!!  The NSA pukes created the damn virus and used it for years.  They have the damn anti-virus software for it and that's a fact.  

Fri, 04/11/2014 - 17:14 | 4649077 q99x2

Can't we get Clapper to move to China?

Fri, 04/11/2014 - 17:15 | 4649084 Fix-ItSilly

"If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed..."

But the Govt is already on the record for secretly exploiting vulnerabilities in SWIFT, Facebook, Google, commandeering notebook cameras through Yahoo, etc.

I'll file this with my Affordable Care paperwork.  This week my renewal quote was received - for the same policy a 38% increase.

Fri, 04/11/2014 - 17:16 | 4649086 dot_bust

And this is all very touching because, back in 2011, Reuters ran an article about how the NSA was helping Wall Street banks battle hackers: http://www.reuters.com/article/2011/10/26/us-cybersecurity-banks-idUSTRE...

Now we know why Goldman Sachs no longer needs high-frequency trading and dark pools to rig the markets.

Fri, 04/11/2014 - 17:18 | 4649091 Fix-ItSilly

Within hours the NSA and CIA were able to audit themselves and honestly report back?

Senator Feinstein must then be lying about her run-ins.

Fri, 04/11/2014 - 17:21 | 4649106 Tinky

Before I believe this claim, I'd like some further assurances from James Clapper.

Fri, 04/11/2014 - 17:30 | 4649131 ebworthen

They didn't know about it until they did, and when they did, they did whatever necessary to keep you safe - so stop asking pesky questions and get back to work.

Fri, 04/11/2014 - 17:32 | 4649143 Bill of Rights

NSA starring as Hogan's Heroes

Fri, 04/11/2014 - 17:35 | 4649149 Zymurguy

Cough, cough, bullshit, cough, newman, cough, bullshit, cough

Fri, 04/11/2014 - 17:36 | 4649151 Boxed Merlot

Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities...

 

 

Pray tell when was the last time these botards didn't use this as their cover?  At the expense of raising the ire of more heretofore US "believers", I for one was thankful for the 9/11 reference included in the PCR's ZH article yesterday.  It will be very weird to see that nugget of truth being assimilated by j6p as the “news” of Direct Energy Weapons begins to take residence in their cranium.  And to think even this is “old” technology.

Thank you Mr. Tesla.  And I don’t mean the car.

http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&cad=rja&uact=8&ved=0CDsQtwIwAw&url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DbITl3lmbWb8&ei=tF5IU6DHGKy6yAGC0oCQBg&usg=AFQjCNFAvmBBcc4fYGOgZ8GC4YxjIi1JKA&bvm=bv.64542518,d.aWc

Fri, 04/11/2014 - 17:44 | 4649180 Ifigenia

US government? The taliban government was better, at least they leveled the production of heroin in Afghanistan to almost zero.

Fri, 04/11/2014 - 20:03 | 4649551 BigJim

THAT'S good? Why shouldn't people who want to take heroin, take heroin? And why shouldn't people grow it for them?

Fri, 04/11/2014 - 21:05 | 4649744 Ifigenia

ask Soros

Fri, 04/11/2014 - 17:47 | 4649194 sudzee

Give .gov a break. If they are going to confiscate your stuff they have to have your passwords.

Fri, 04/11/2014 - 17:51 | 4649206 DIgnified

Not even trying anymore. 

USTR Warns That EU-Only Cloud To Avoid NSA Surveillance May Violate Trade Agreements

Link: https://www.techdirt.com/articles/20140409/08121226855/ustr-makes-ill-ju...

Sat, 04/12/2014 - 06:22 | 4650543 smacker

Erh, so when the EU tells the USG "Hey, Hey, Get Off My Cloud", the USG simply says they have a legal right.

That's assuming Barroso's head isn't already up in the cloud.

Fri, 04/11/2014 - 18:10 | 4649270 Ariadne
Fri, 04/11/2014 - 18:31 | 4649331 y3maxx

...USSA just lost any allies it had left.

Fri, 04/11/2014 - 20:49 | 4649698 Seize Mars

Lies

Sat, 04/12/2014 - 00:51 | 4650261 dunce

Our government has reached complete cry wolf status. Even when they tell the truth no one believes anymore. There are daily revelations of lies about things large and small. Recency bias causes constant distrust, the last lie is fresh in people's minds plus the long list of longer dated lies. The most frequent and biggest lies have been from the highest levels of our government. The truth will out sooner or later and with the internet it is more often sooner. Incompetence is not conducive to control of the narrative.

Sat, 04/12/2014 - 02:44 | 4650402 Aussiekiwi

It's really really hard to believe the NSA with all of their experts were unaware of this for years until somebody made it public on the Internet....really really hard, but, I will give them the benefit of the doubt, it's not like the NSA has ever been caught out lying to anybody in the past.

Sat, 04/12/2014 - 03:57 | 4650464 intric8

<---- see that green button? Press it if u want to get laid

Sat, 04/12/2014 - 04:46 | 4650501 unirealist

I notice that the repeated denials are always about knowledge of the Heartbleed "vulnerability."

What that means to me is that the NSA has been exploiting the SSL flaw but did not see the flaw as a vulnerability.

Maybe they reasoned that since they were the only ones who knew about it and therefore the only ones who could exploit it, it wasn't a vulnerability. It was simply a feature they could take advantage of.

Suppose whenever you are sleeping I look into your wallet to see how much cash you have. It's a good thing for me to know.

Then one day a burglar enters your house the same way I did and robs the cash from your wallet.

"Well, shit!" I declare. "If I had known about that VULNERABILITY, I would have said something!"

See what I mean? But then I've come to the conclusion that everything the gov't says is somehow a lie.

They even lie when they don't have to, because they know there just has to be a good reason not to tell the truth. 

Sat, 04/12/2014 - 08:18 | 4650644 Pee Wee

Are these lawless pig fuckers still eavesdropping on US citizen communications en masse?  Are they still collecting metadata and all other content without a warrant?  Yes?

Then NSA SHUT THE FUCK UP!

Sat, 04/12/2014 - 12:27 | 4651168 notadouche

So trillions of "black ops tech" dollars have been spent surreptitiously over the years and the government is telling the citizen that this money has effectively been wasted, outside of course the spying, recording and storage of all communications?

 If this bug has been around so long and our crack team of cyber security experts (that are as much to blame for bankrupting our treasury as any other government operation)  have been clueless until April of 2014 then WTF???   I suppose the US government is more comfortable admitting gross negligence and incompetence than it is in admitting to being corrupt and dishonest.  

Whatever intellectually honest press that is left in America, the taxpayer ,  nor corporate America should not remotely accept either scenario.   C'mon now, enough is enough already!  

Mon, 04/14/2014 - 03:00 | 4656009 Archduke

right. can the NSA produce a list of past advisories?
60 years of oversight, and not a single public notice.
