The NSA is an organization that has its fair share of detractors, where we did mention how the NSA was aware of the Heartbleed vulnerability for years at the end of last week. It seems as though the US National Security Agency (NSA) has stepped forward to deny any knowledge of the Heartbleed online security flaw since, touting that they do not know and were not aware of the flaw in OpenSSL which could be exploited to harvest data.
Just a side note here for the uninitiated – OpenSSL happens to be an online-data scrambling software that is used to protect sensitive data, with passwords being one of them. It was in 2013 that NSA leaker Edward Snowden claimed the NSA themselves introduced vulnerabilities to security software on purpose, which has led to such speculation that has since been denied by the NSA.
In fact, Robin Seggelman, a German computer programmer, has already stepped forward to accept responsibility for the Heartbleed bug’s existence, saying, “It’s tempting to assume that, after the disclosure of the spying activities of the NSA and other agencies, but in this case it was a simple programming error in a new feature, which unfortunately occurred in a security-relevant area. It was not intended at all, especially since I have previously fixed OpenSSL bugs myself, and was trying to contribute to the project.”
Well, there you have it – Heartbleed stemmed from Seggelman’s effort in making amends to the OpenSSL cryptographic library at the end of 2011.