Slashdot Mirror

← Back to Stories (view on slashdot.org)

Heartbleed Turned Against Cyber Criminals

Posted by Soulskill on from the bringing-balance-to-the-force dept.

Rambo Tribble writes: "In a case of 'live by the sword, die by the sword,' researchers have used the now-infamous Heartlbeed bug in OpenSSL to gain access to black-hat forums. A French researcher named Steven K. is quoted as saying, 'The potential of this vulnerability affecting black-hat services is just enormous.' Reportedly, the criminal-minded sites Darkode and Damagelab have already been compromised." In related news, U.S. Cybersecurity Coordinator Michael Daniel posted an article at Whitehouse.gov yesterday reaffirming that the U.S. government had no prior knowledge of Heartbleed. He said, 'We rely on the Internet and connected systems for much of our daily lives. Our economy would not function without them. Our ability to project power abroad would be crippled if we could not depend on them. For these reasons, disclosing vulnerabilities usually makes sense. We need these systems to be secure as much as, if not more so, than everyone else.'

2 of 50 comments (clear)

  1. Core Infrastructure Initiative by John.Banister · · Score: 4, Insightful

    Perhaps Michael Daniel's office would care to contribute. It might benefit their ability to project power abroad.

  2. Re:NSA: Massively irresponsible/incompetent by Pseudonym · · Score: 4, Insightful

    Incompetent if they didn't find heartbleed [they are supposed to protect our infrastructure].

    The open source community didn't find it either. If it's any consolation, the NSA is probably about as competent as we are.

    --
    sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});