Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Yep, in particular the Guardian article which the linked Reuters one is based on [1], says:

>"For the past decade, NSA has lead [sic] an aggressive, multi-pronged effort to break widely used internet encryption technologies," stated a 2010 GCHQ document. "Vast amounts of encrypted internet data which have up till now been discarded are now exploitable."

> An internal agency memo noted that among British analysts shown a presentation on the NSA's progress: "Those not already briefed were gobsmacked!"

Which certainly sounds like SSL traffic was broadly compromised as far back as 2010.

That doesn't conclusively prove heartbleed isn't of use to these agencies though; for example one possible scenario is that the British analysts were "gobsmacked" by some other undisclosed vulnerability similar in scope to this one, which has since been fixed (and, if you're inclined that way, you could theorize that heartbleed was introduced to replace it..)

[1] http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryp...



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: