[tor-relays] NSA knew about Heartbleed

Roger Dingledine arma at mit.edu
Sat Apr 12 21:00:58 UTC 2014

On Sat, Apr 12, 2014 at 08:45:23PM +0000, Delton Barnes wrote:
> "Two sources familiar with matter" could merely be two computer security
> experts who have an unsubstantiated opinion that the NSA was exploiting
> this beforehand.  We have no idea how credible these sources are.

I agree.

I'm assuming that particular article is nonsense until somebody shows up
with some actual details. I guess it's hot to point at NSA conspiracies
these days. But doing it in this case undermines the *actual* NSA
conspiracies that we should indeed be upset about.

Maybe there *is* yet another NSA conspiracy here, but I don't believe
in one any more after reading the article than before it.

> That said, if you carefully parse the statement from DNI, it seems to me
> to imply they were aware of the Heartbleed vulnerability in 2014.  Why
> would they say "before 2014" instead of "before its disclosure Monday"
> or something?

Careful here -- the article is selectively quoting, maybe to stir things
up more. The actual phrase from the DNI denial is "before April 2014".

In any case, the conclusion ("oh crap, upgrade and throw out your
old keys") is still accurate.


More information about the tor-relays mailing list