The Heartbleed SSL bug is no joke. If you don't know, SSL is the security mechanism that websites use for HTTPS security. Your bank, your Facebook account, your mortgage lender, your online stores, your home router, everything uses HTTPS for encryption and this bug is something that compromises all of that, and its been there for 3 years! It was a bug that the developers, had they discovered it sooner, they would have patched it immediately, but they didn't know about it. Turns out the NSA did know about it, and they chose to keep it a secret, and worse to exploit it.
Reports claim that the NSA not only knew, for years I might add, about this bug, but they exploited it to get our private information. Its almost hilarious how much they were able to acquire.
Marco Arment gave his input on this, and I mostly agree with him on this. The NSA exploits and undermines the security of major tech companies and infrastructures to steal information, to infringe on privacy, and to sabotage the backbones of the internet in order to get this information. To me, the worst thing about the NSA, aside from the fact that they maliciously steal our private data and take no heed as to what they steal, is that after all that, the NSA refuses to be helpful, they refuse to use their powers to do anything good.
The NSA knew about this bug years ago, years ago, and did nothing. They took advantage of it instead of fixing it. Software, and security won't get better without the people who discover these vulnerabilities telling the developers about it so they can, wait for it, FIX IT! We don't know who else was able to steal data during those years and its bad enough that even the NSA did. Wouldn't we all be better off if they used their billions of dollars to help the world's security, and not compromise it? To me that's the real danger of the NSA. They spend billions and act just as maliciously as common hackers. They aren't doing the world any good, they're just assholes.
Note: What's worse is that the bug has been out there so long and is in so many systems that it will be a long time before its fully patched, and your data is vulnerable the entire time that's the case.
Other Links: RSS Feed, JSON Feed, Status Page →