encryption

NSA knew about and used Heartbleed web exploit

The tech web has been abuzz this week about what has been dubbed “Heartbleed,” a code exploit in the OpenSSL encryption system, which could have allowed hackers and cyberterrorists to access login credentials from some of the biggest websites in the world over the last two years. Lists were quickly constructed to explain to users which sites were affected and which passwords they needed to change immediately.

It turns out the NSA has known about the Heartbleed vulnerability for years, but never warned anyone that millions of Americans’ online identities could be at risk. Indeed, not only did they not sound the alarm, the NSA used the bug to access those online accounts in its already questionable surveillance activities.

Better encryption for online services could throw a wrench in NSA mass surveillance efforts

Craig Timberg at the Washington Post has an important story on efforts to keep online communications and user data safe from the prying eyes of Uncle Sam.

Timberg explains that in the arms race between government agencies like the NSA and big tech companies, giants such as Microsoft, Google, Facebook and others have begun to implement more and better encryption practices for online services. And even though encryption isn’t an absolute defense, it makes it much more difficult for the government to run large-scale surveillance programs:

[E]ncryption — essentially converting data into what appears to be gibberish when intercepted by outsiders — complicates government surveillance efforts, requiring that resources be devoted to decoding or otherwise defeating the systems…security experts say the time and energy required to defeat encryption forces surveillance efforts to be targeted more narrowly on the highest-priority targets — such as terrorism suspects — and limits the ability of governments to simply cast a net into the huge rivers of data flowing across the Internet.

Read the full article here.

A version of this article was originally published on rstreet.org.

Healthcare.gov users advised to change passwords

HealthCare.gov Heartbleed password prompt

Since the recent revelation about “Heartbleed,” a code exploit in OpenSSL encryption that allows hackers to access personal information, a number of websites have asked users to update passwords to protect themselves against any potential security breach.

The National Security Agency reportedly knew about Heartbleed for years and used the exploit to get around security encryption to access online accounts. The controversial intelligence agency, however, apparently never told anyone about the security risk.

Though they say that “[t]here’s no indication that Heartbleed has been used against HealthCare.gov or that any personal information has ever been at risk,” federal officials are now advising users who have accounts on the federal Obamacare exchange to change their passwords:

