On Sat, Apr 12, 2014 at 08:45:23PM +0000, Delton Barnes wrote:
"Two sources familiar with matter" could merely be two computer security experts who have an unsubstantiated opinion that the NSA was exploiting this beforehand. We have no idea how credible these sources are.
I agree.
I'm assuming that particular article is nonsense until somebody shows up with some actual details. I guess it's hot to point at NSA conspiracies these days. But doing it in this case undermines the *actual* NSA conspiracies that we should indeed be upset about.
Maybe there *is* yet another NSA conspiracy here, but I don't believe in one any more after reading the article than before it.
That said, if you carefully parse the statement from DNI, it seems to me to imply they were aware of the Heartbleed vulnerability in 2014. Why would they say "before 2014" instead of "before its disclosure Monday" or something?
Careful here -- the article is selectively quoting, maybe to stir things up more. The actual phrase from the DNI denial is "before April 2014".
In any case, the conclusion ("oh crap, upgrade and throw out your old keys") is still accurate.
--Roger