It gets really nasty if the people with the Snowden documents start having them reviewed by tech people looking for this type of problem.
However, there is this:
Would You Trust The NSA’s Advice On How To Deal With Heartbleed?
The response seems to be a resounding “NO”! Funny, that. 🙂
Regarding Heartbleed, there is another consequence that so far very few people are talking about, to wit:
Heartbleed’s Intranet & VPN Connection
…
“The immediate focus should have been on the perimeter and external websites. But the long-term devastation and real cost is from the internal [network] perspective,” says Rob Seger, distinguished engineer at Palo Alto Networks. “Being able to steal all the data carte blanche is, in my opinion, a more lasting and negative” outcome of Heartbleed.
The list of potentially vulnerable internal assets is massive — everything from internal web servers for mission-critical internal applications to SSL-enabled services such as FTP over SSL, VOIP phones, printers, VPN servers, and VPN clients. “The reality is that it’s going to take 4-5 years minimum for the larger enterprises to clean this up,” assuming they know where all their vulnerable SSL-based services and products reside in the network, Seger says.
Identifying and patching those internal Heartbleed-vulnerable systems will take time, and in many cases, not everything will get patched. Some lower-profile devices may not ever receive vendor patches, security experts say, and legacy systems could get lost in the patch shuffle.
A VOIP phone, for example, could be exploited to listen in on calls, and data within documents coming off a printer would be at risk of interception. Client machines, meanwhile, are vulnerable via a Heartbleed exploit service they connect to, which could collect data from those machines, experts say.
“This made it so a script kiddie can leverage APT-level attacks… by stealing a Python script off the web, he can do things only APTs can do,” Palo Alto’s Seger says.
…
Very nasty! And does the incredibly moronic & ignorant Obama Administration or NSA care? LMAO What a stupid question! Of course not! Nor, apparently, do many other governments. But they will, one day. When it’s too late. Oh, wait… it is too late!