• Steve H. Hanke
    05/04/2016 - 08:00
    Authored by Steve H. Hanke of The Johns Hopkins University. Follow him on Twitter @Steve_Hanke. A few weeks ago, the Monetary Authority of Singapore (MAS) sprang a surprise. It announced that a...

Government Denies It Knew About, Abused Heartbleed Bug

Tyler Durden's picture




 

And with this official denial we can be certain that Bloomberg's disgruntled NSA sources were right.

Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong. The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report. The Federal government relies on OpenSSL to protect the privacy of users of government websites and other online services. This Administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable Internet. If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.

 

When Federal agencies discover a new vulnerability in commercial and open source software – a so-called “Zero day” vulnerability because the developers of the vulnerable software have had zero days to fix it – it is in the national interest to responsibly disclose the vulnerability rather than to hold it for an investigative or intelligence purpose.

 

In response to the recommendations of the President’s Review Group on Intelligence and Communications Technologies, the White House has reviewed its policies in this area and reinvigorated an interagency process for deciding when to share vulnerabilities. This process is called the Vulnerabilities Equities Process. Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities.

Now if only the NSA can also release a fabricated YouTube clip proving it never knew abused any compromised network anywhere, then all will be promptly forgiven and forgotten.

0
Your rating: None
 

- advertisements -

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Fri, 04/11/2014 - 16:55 | 4648989 Uncle Remus
Uncle Remus's picture

It's not even very good bullshit.

Fri, 04/11/2014 - 16:59 | 4649000 Future Jim
Future Jim's picture

<< I don't believe the US government in this case

<< I believe the US government in this case

Fri, 04/11/2014 - 17:02 | 4649032 McMolotov
McMolotov's picture

"Trust no one."

Everything I needed to know I learned from The X-Files.

(RIP Deep Throat.)

Fri, 04/11/2014 - 17:15 | 4649081 Gen. Keith Alexander
Gen. Keith Alexander's picture

We knew nothing about this!

Fri, 04/11/2014 - 17:27 | 4649124 free_lunch
free_lunch's picture

When it is engineered it"s called a feature!

 

Fri, 04/11/2014 - 17:55 | 4649219 edotabin
edotabin's picture

IIRC it was an "undocumented feature"?

Fri, 04/11/2014 - 17:55 | 4649218 Dick Buttkiss
Fri, 04/11/2014 - 19:15 | 4649437 Confused
Confused's picture

The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report

 

So is this an admission that the NSA is NOT part of the Federal Government, and that they now operate on their own?

 


Fri, 04/11/2014 - 17:02 | 4649034 pods
pods's picture

National Security or law enforcement need?
Since when have these people ever been able to differentiate between a want and a need?

pods 

Fri, 04/11/2014 - 17:07 | 4649050 Postal
Postal's picture

Same thing: If they want it, it automatically becomes a need.

Fri, 04/11/2014 - 17:52 | 4649212 midtowng
midtowng's picture

the NSA wouldn't lie to us. Spies are known for their honesty.

Sat, 04/12/2014 - 03:54 | 4650457 intric8
intric8's picture

...said as they walk you into the fema detention facility, automatic weapons in hand

Fri, 04/11/2014 - 17:58 | 4649231 Kaiser Sousa
Kaiser Sousa's picture

"A leak of the major findings of a landmark Senate inquiry into the CIA’s post-9/11 torture of terrorism detainees led, on Friday, to intensified pressure on the White House and the CIA to release the inquiry speedily and with a minimum of redactions.

The classified study, prepared by the Senate select committee on intelligence, concluded that the CIA’s interrogations, secret detentions and outsourced torture sessions were “brutal, and far worse than the agency communicated to policymakers.”

The conclusion that the CIA provided inaccurate information to the Justice Department reflects the findings of a top-secret investigation of the program by the CIA Inspector General’s Office that was triggered by allegations of abuse.

The CIA inspector general’s May 7, 2004, report, which was declassified, found that in waterboarding Zubaydah and Khalid Sheikh Mohammad, deemed the chief architect of the 9/11 attacks, the CIA went beyond the parameters it outlined to the Justice Department’s Office of Legal Counsel, which wrote the legal opinions.

Zubaydah was waterboarded 83 times, while Mohammad underwent the procedure 183 times.

Those cases clashed with the CIA’s assertion _ outlined in the now-declassified top-secret August 2002 Office of Legal Counsel opinion _ that repetition of the methods “will not be substantial because the techniques generally lose their effectiveness after several repetitions.”

http://www.mcclatchydc.com/2014/04/11/224085/cias-use-of-harsh-interroga...

Read more here: http://www.mcclatchydc.com/2014/04/11/224085/cias-use-of-harsh-interroga...
Fri, 04/11/2014 - 18:52 | 4649400 ragemachinest
ragemachinest's picture

It's all in the last sentence, "Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities".

Fri, 04/11/2014 - 16:59 | 4649012 Future Jim
Future Jim's picture

<< I don't believe the US government in general

<< I believe the US government in general

Fri, 04/11/2014 - 18:01 | 4649239 Dick Buttkiss
Dick Buttkiss's picture

I repeat: "Everything the state says is a lie, and everything it has it has stolen." — Friedrich Nieztsche

Fri, 04/11/2014 - 17:00 | 4649017 Future Jim
Future Jim's picture

<< I don't believe the US media in general

<< I believe the US media in general

Fri, 04/11/2014 - 17:16 | 4649089 PacOps
PacOps's picture
Sharyl Attkisson: When I'd Begin Getting Under Surface of an Obama Scandal, CBS Would Pull Me Off "There is unprecedented, I believe, influence on the media, not just the news, but the images you see everywhere. By well-orchestrated and financed campaign of special interests, political interests and corporations. I think all of that comes into play."

 

http://www.truthrevolt.org/news/sharyl-attkisson-when-id-begin-getting-u...

Fri, 04/11/2014 - 17:12 | 4649064 TheGardener
TheGardener's picture

I`am a zero day exploit : I can read the human mind.

I`am a zero hedge exploit, I can guess where my own mind should be headed while consuming ZH.

And, hold onto your non hedged seats, I used to crack code.

But before I`m flooded with headhunters request: just my own
and farts.

Sat, 04/12/2014 - 03:51 | 4650451 intric8
intric8's picture

A hearty hello to the nsa lurkers hanging out here. Please dont create a dossier on me.

Fri, 04/11/2014 - 17:32 | 4649142 post turtle saver
post turtle saver's picture

Russia Denies It Knew About, Abused Heartbleed Bug

China Denies It Knew About, Abused Heartbleed Bug

India Denies It Knew About, Abused Heartbleed Bug

Japan Denies It Knew About, Abused Heartbleed Bug

Bulgaria Denies It Knew About, Abused Heartbleed Bug

Your Mom Denies It Knew About, Abused Heartbleed Bug

Tyler Denies He Beats His Wife

deeeeeeerrrrrrpp de derp

Fri, 04/11/2014 - 16:56 | 4648991 walküre
walküre's picture

Awesome. It pretty much shut down the Canadian government websites this week until further notice. Canucks can't file their taxes. Why does this not happen in the US for once and for all?

Fri, 04/11/2014 - 18:07 | 4649256 Canuckistan Al
Canuckistan Al's picture

Well thats One way to look at it..............

OR

Perhaps its also true that those who have not yet filed will not get their refund checks anytime soon either?

Fri, 04/11/2014 - 19:18 | 4649443 Confused
Confused's picture

According to Washington Post many people won't be getting their refunds in the US......Period. 

 

http://www.washingtonpost.com/politics/social-security-treasury-target-h...

Fri, 04/11/2014 - 21:40 | 4649855 walküre
walküre's picture

..and so it begins. How many months does it buy them? Enough to ride out until QE4 gets announced?

Sat, 04/12/2014 - 13:59 | 4651413 JLee2027
JLee2027's picture

".... the result of a single sentence tucked into the farm bill lifting the 10-year statute of limitations on old debts to Uncle Sam."

Exactly how child support debt collection started. A 1986 amendment by Bill Bradley stuck onto another bill that had nothing to do with it. An endless debt that never goes away until paid. Never talked about, debated or voted on directly, but has had horrific effects on American families and their children for decades. Tyranny...there is no other term for this.

These kinds of things must be forbidden when the Constiution is revised.

 

My proposed changes in the coming Convention of the States:

Clarifications and changes to the powers of the Legislative Branch.

 

(1) All members of Congress are required to fully read each Bill and 

all Amendments, in full view of Congress, before voting on them. Any 

member who fails to do so shall be subject to confirming investigation 

and permanently barred from public office by the Vice President or 

the Speaker of the House.

(2) Amendments to a subject Bill are limited to the the scope of the Bill

itself. One subject per Bill.

(3) Congress shall have no ability to exempt themselves from legislation.

(4) There shall be lifetime limits of 20 years service for the Senate

and the House of Representatives.

(5) Federal Funding granted to any state is limited to 10% of that states 

last budget minus previous funding.

(6) Taxation can only be applied to consumption, ie. a national sales tax. This is a single tax

and there can be no other tax. Congress controls only the tax percentage.

(7) Congress is a part-time job, limited to one meeting per Month over a weekend, outside of emergencies.

Fri, 04/11/2014 - 16:56 | 4648992 NOTaREALmerican
NOTaREALmerican's picture

I believe them.

If you can't trust the US government, who can you trust?

Fri, 04/11/2014 - 17:01 | 4649024 McMolotov
McMolotov's picture

"Believe nothing until it has been officially denied."

Fri, 04/11/2014 - 17:06 | 4649045 Badabing
Badabing's picture

Do you Believe that's air your breathing?

Fri, 04/11/2014 - 17:08 | 4649053 unrulian
unrulian's picture

+100

Fri, 04/11/2014 - 17:11 | 4649067 Doubleguns
Doubleguns's picture

It's diesel fumes. 

Fri, 04/11/2014 - 18:17 | 4649294 KnightTakesKing
KnightTakesKing's picture

100% pure chemtrails.

Fri, 04/11/2014 - 16:56 | 4648993 Ascend
Ascend's picture

Do they think their power provides immunuity from the laws of the universe? 

Fri, 04/11/2014 - 16:56 | 4648995 icanhasbailout
icanhasbailout's picture

This is capital-T Treason.

Fri, 04/11/2014 - 16:56 | 4648998 Spumoni
Spumoni's picture

I smell sump'n funny 'round here...smells like...................buuuuuullshit.

 

Every American citizen strike beginning 14 November 2014. 

Fri, 04/11/2014 - 16:58 | 4649004 Spumoni
Spumoni's picture

Oh James, bring my Wellies...there's a good lad...and a noseclip!

Fri, 04/11/2014 - 16:59 | 4649013 WhiteWolf
WhiteWolf's picture

It will come to you and your last vote..I mean bullet.  MAKE IT COUNT RIGHT SQUARE IN THE FOREHEAD OF AN OR A AGENT OR SPOOK.

Fri, 04/11/2014 - 17:00 | 4649016 WhiteWolf
WhiteWolf's picture

Preferably AN IRS AGENT

Fri, 04/11/2014 - 17:02 | 4649027 Chuck Knoblauch
Chuck Knoblauch's picture

Feign incompetence when caught in a lie is the scumbag's textbook response.

Fri, 04/11/2014 - 18:59 | 4649414 cynicalskeptic
cynicalskeptic's picture

Though government s notoriously incompetent, I noticed that they're actuially VERY good at doing certain things when it is to their benefit.  They're VERY good at blackmailing politicians and eliminating those who are not suisceptible to such pressure.  

'Feigning' incompetence is right because I really really doubt that there's a Sgt. Schultz level of  "I know NOTHING...." at work with these guys.   

Fri, 04/11/2014 - 17:02 | 4649030 firstdivision
firstdivision's picture

Until Snowden releases that slide

Fri, 04/11/2014 - 17:13 | 4649073 Doubleguns
Doubleguns's picture

He becomes a bigger hero every day.

Fri, 04/11/2014 - 17:22 | 4649031 headhunt
headhunt's picture

.

Fri, 04/11/2014 - 17:03 | 4649036 PT
PT's picture

For those who need an explanation:

http://www.xkcd.com/1354/

I've made similar mistakes myself. 

Fri, 04/11/2014 - 17:11 | 4649065 seek
seek's picture

As have I. I've also submitted one-line kernel patches that have had probably 20 time more review than this did, so I think it's just a typical mistake that was missed by a woefully underfunded open source project.

Kind of ironic everyone is pissed about OpenSSL when you've got billion dollar companies using the software for free without having given it a single dime in funding or minute of their own developer's time and then being shocked that a bug got through review.

Fri, 04/11/2014 - 17:20 | 4649101 PT
PT's picture

Mind you when writing string checkers, you usually check the lengths before you bother to do anything else, and there's no reason to let the user tell you what those lengths are.

Sat, 04/12/2014 - 02:10 | 4650371 PT
PT's picture

You know, machine code is easy, machine code is fun, but it can be reeeeeeeeallly difficult getting hold of the vital little bits of information that you need.

Throughout my life there have been many people who asked me, "Why would you want to re-invent the wheel?" and they would look at me accusingly and I would look at them and think they just don't get it.  I was too taken aback to tell them that problems occur when someone else's wheel is a chair castor or a bicycle wheel and what you actually want is a set of mags for your V8.  Right now I want to round up all those fuckers and say, "SEEEEEEEE!!!!!!!!!  YOU STUPID FUCKWIT!  THIS IS WHAT HAPPENS WHEN YOU BRAINLESSLY TRUST SOMEONE ELSE'S WHEEL!!!!!!!!"

 

 

 

Aaah, good to get that off my chest.  I might do it again some time.

 

Fri, 04/11/2014 - 17:08 | 4649055 comob
comob's picture

Thank you for clearing that up Keith Alexander,

your integrity, just like your appointment, is unimpeachable.

Fri, 04/11/2014 - 17:12 | 4649068 pupdog1
pupdog1's picture

Backed by the full faith and credit of General Clapper.

Fri, 04/11/2014 - 17:21 | 4649103 Doubleguns
Doubleguns's picture

Thats right He would not lie to us. 

 

Clapper is just being more careful.

 

http://rt.com/usa/obama-dni-clapper-lie-485/

Do NOT follow this link or you will be banned from the site!