Does The Heartbleed Bug Make NSA The Real Threat To Your Internet Security?
It’s a pity that the infamous internet bug by the name Heartbleed still remains a major threat to more than half of the internet around the globe. It’s the major loophole in the OpenSSL that exposes over 500,000 websites using SSL/TLS encryption to hackers. Just so that you know, these allow access to amenities such as instant messaging, email and many VPNs. Who gets the prize? If a senior security advisor is to be believed, the National Security Agency (NSA) will turn out to be the real beneficiary of this internet vulnerability. Food for thought, huh?
Chet Wisniewski, a Sophos Security Senior Advisor, was rather candid in his claims on the matter when approached by Buzzfeed. He is of the view that the internet security flaw was merely an error as if “somebody just hit the ‘enter’ key before completing their thought.” Hence, he ruled out any involvement of the surveillance organizations. He did so for a reason, though. Chet believes that US security agencies like the NSA would pounce on the opportunity without notifying programming communities if they had any prior knowledge of the Heartbleed.
“That’s exactly what the leaked NSA programs are supposed to do: Find the flaws, exploit them and never tell anyone.”
However, Chet still believes that the NSA had the resources to use the kind of security flaw to its advantage: “You and I can look at that code all day long and we’re not going to find anything but if two independent organizations both uncovered the flaw last week, I’d put a good likelihood on a spy organization that was actively looking for and auditing these crypto libraries to find the bug.”
Not sure if this should be much consolation or a bigger reason to worry but Chet believes that anyone worrying that the “garden variety” hacker has discovered the vulnerability and exploiting it should stop worrying now. If there is anyone or anything capable of exploiting a flaw such as this, it is a spy agency.
“If you’re worried the NSA is capturing all your data then you have good reason because this bug is a dream for them.”
The Heartbleed is a major concern for that minority of websites that have admins visiting on a less frequent basis or ones that remain unattended for long. Since the hacker gains access to sensitive information such as the passwords, Heartbleed will be a serious threat to mid-range websites that are managed by rather less responsible admins. The bigger websites would have things sorted in no time given the bigger interests involved but the future remains bleak for those smaller entities.