The National Security Agency has denied a report that it failed to warn the public about the Heartbleed bug so it could gather more intelligence about web users.
The report highlighted that the NSA became familiar with the Heartbleed bug back in 2012 when a programmer was making adjustments in OpenSSL. Rather than fixing the problem, the NSA used the bug to its advantage to steal account passwords.
Both the White House and the NSA denied the allegations. However, with growing mistrust and skepticism already surrounding the NSA, it seems that many are finding it hard to believe them.
A statement issued shortly after the report was released said, “NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report. Reports that say otherwise are wrong.”
Marc Maiffret, a member of a security firm, had this to add: “I don’t know first-hand that the NSA knew of this bug previously, but I don’t believe one has to stretch their imagination far to believe that to be a strong possibility.”
“There are vulnerabilities that are known to some researchers and, yes, they are not disclosed to the public and to the general security community,” added Philip Lieberman, president of Lieberman Software, another security firm.
Still, he said: “When you find something that is this nasty, you generally go get it fixed quietly.”