david wong

Hey ! I'm David, a security consultant at Cryptography Services, the crypto team of NCC Group . This is my blog about cryptography and security and other related topics that I find interesting.

NSA was not aware of the Heartbleed bug April 2014

NSA is not happy. NSA is tweeting, tumblring (is this a verb?) and shouting loud and for all of who wants to hear it : they didn't know about the Heartbleed bug.

by the way they're talking about a "zero day" vulnerability, and now is a good time to learn what it is:

a so-called “Zero day” vulnerability because the developers of the vulnerable software have had zero days to fix it

I'm akin to trust them since... well. So many US websites were using OpenSSL and... it's not really nice if someone else eavesdrop on american citizen...

Anyway, this shows that the NSA has a long way to build trust again.

Well done! You've reached the end of my post. Now you can leave me a comment :)