NSA Exploited Heartbleed Bug for Intelligence for Years

.........
Millions of Android Devices Vulnerable to Heartbleed Bug
.........

NSA Said to Exploit Heartbleed Bug for Intelligence for Years
.........

NSA Is Hunting Flaws So They Can HACK Your Data
.........
Michael Riley
.........
he NSA and other elite intelligence agencies devote millions of dollars to hunt for common software flaws that are critical to stealing data from secure computers. Open-source protocols like OpenSSL, where the flaw was found, are primary targets.

The Heartbleed flaw, introduced in early 2012 in a minor adjustment to the OpenSSL protocol, highlights one of the failings of open source software development.

While many Internet companies rely on the free code, its integrity depends on a small number of underfunded researchers who devote their energies to the projects.

In contrast, the NSA has more than 1,000 experts devoted to ferreting out such flaws using sophisticated analysis techniques, many of them classified. The agency found Heartbleed shortly after its introduction, according to one of the people familiar with the matter, and it became a basic part of the agency’s toolkit for stealing account passwords and other common tasks.

The NSA protects the computers of the government and critical industry from cyber-attacks, while gathering troves of intelligence attacking the computers of others, including terrorist organizations, nuclear smugglers and other governments.

When researchers uncovered the Heartbleed bug hiding in plain sight and made it public on April 7, it underscored an uncomfortable truth: The public may be placing too much trust in software and hardware developers to insure the security of our most sensitive transactions.

The potential stems from a flawed implementation of protocol used to encrypt communications between users and websites protected by OpenSSL, making those supposedly secure sites an open book. The damage could be done with relatively simple scans, so that millions of machines could be hit by a single attacker.

The vulnerability existed in the transmission of ordinary data.

The NSA has a range of options, including exploiting the vulnerability to gain intelligence for a short period of time and then discreetly contacting software makers or open source researchers to fix it.

The SSL protocol has a history of security problems and is not the primary form of protection governments and others use to transmit highly sensitive information.
...........
...........
Jordan Robertson
...........
Millions of Android Devices Vulnerable to Heartbleed Bug
..........
The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.

While Google said in a blog post on April 9 that all versions of Android are immune to the flaw, it added that the “limited exception” was one version dubbed 4.1.1, which was released in 2012.

Security researchers said that version of Android is still used in millions of smartphones and tablets, including popular models made by Samsung Electronics Co., HTC Corp. and other manufacturers. Google statistics show that 34 percent of Android devices use variations of the 4.1 software.

The Heartbleed vulnerability was made public earlier this week and can expose people to hacking of their passwords and other sensitive information.

The Heartbleed bug, which was discovered by researchers from Google and a Finnish company called Codenomicon, affects OpenSSL, a type of open-source encryption used by as many as 66 percent of all active Internet sites. The bug, which lets hackers silently extract data from computers’ memory, and a fix for it were announced simultaneously on April 7.
...............
Android version history
..............
Version history of the Android mobile operating system
..............
Android is under ongoing development by Google and the Open Handset Alliance (OHA), and has seen a number of updates to its base operating system since its initial release.

Since April 2009, Android versions have been developed under a confectionery-themed code name and released in alphabetical order: Cupcake (1.5), Donut (1.6), Eclair (2.0–2.1), Froyo (2.2–2.2.3), Gingerbread (2.3–2.3.7), Honeycomb (3.0–3.2.6), Ice Cream Sandwich (4.0–4.0.4)

Jelly Bean (4.1–4.3) (Version dubbed 4.1.1, which was released in 2012 is NOT immune to the flaw called the Heartbleed Bug.)

KitKat (4.4). On 3 September 2013
...............
...............
(Ok bubba, (bubba is my name for the average obama voter), that jelly bean version you have in your obama phone is telling the NSA and everyone else everything you do on your obama phone. Better get rid of dat jellybean bubba.) Story Reports

The IRS will also use the IBM technology of death via obamacare

IBM and The Holocaust - the story of IBM's strategic alliance with Nazi Germany
..........................

When Hitler came to power, a central Nazi goal was to identify and destroy Germany's 600,000 Jews. To Nazis, Jews were not just those who practiced Judaism, but those of Jewish blood, regardless of their assimilation, intermarriage, religious activity, or even conversion to Christianity.

Only after Jews were identified could they be targeted for asset confiscation, ghettoization, deportation, and ultimately extermination. To search generations of communal, church, and governmental records all across Germany--and later throughout Europe--was a cross-indexing task so monumental, it called for a computer. But in 1933, no computer existed....

Dehomag and other IBM subsidiaries custom-designed the applications. Its technicians sent mock-ups of punch cards back and forth to Reich offices until the data columns were acceptable, much as any software designer would today. Punch cards could only be designed, printed, and purchased from one source: IBM.

The machines were not sold, they were leased, and regularly maintained and upgraded by only one source: IBM.

IBM subsidiaries trained the Nazi officers and their surrogates throughout Europe, set up branch offices and local dealerships throughout Nazi Europe staffed by a revolving door of IBM employees, and scoured paper mills to produce as many as 1.5 billion punch cards a year in Germany alone. Moreover, the fragile machines were serviced on site about once per month, even when that site was in or near a concentration camp.
IBM Germany's headquarters in Berlin maintained duplicates of many code books, much as any IBM service bureau today would maintain data backups for computers.

..................................

(Thomas wastson of IBM told people in the 1940's to ignore the news media reports about IBM's involvement with the nazi's in the news. Obama today tells Americans to ignore his administrations involvement with the IRS doing the same thing hitler did to track the jews so he could kill them. Today its not just jews that obama and IBM are tracking and tabulating but everyone in America via the IRS, NSA, obamacare etc and every branch of the obama regime.) Story Reports

.................................

IBM and the Holocaust : The Strategic Alliance Between Nazi Germany and America's Most Powerful Corporation [Paperback]
.................................
IBM and the Holocaust is the stunning story of IBM's strategic alliance with Nazi Germany -- beginning in 1933 in the first weeks that Hitler came to power and continuing well into World War II. As the Third Reich embarked upon its plan of conquest and genocide, IBM and its subsidiaries helped create enabling technologies, step-by-step, from the identification and cataloging programs of the 1930s to the selections of the 1940s.

Only after Jews were identified -- a massive and complex task that Hitler wanted done immediately -- could they be targeted for efficient asset confiscation, ghettoization, deportation, enslaved labor, and, ultimately, annihilation. It was a cross-tabulation and organizational challenge so monumental, it called for a computer. Of course, in the 1930s no computer existed.

But IBM's Hollerith punch card technology did exist. Aided by the company's custom-designed and constantly updated Hollerith systems, Hitler was able to automate his persecution of the Jews. Historians have always been amazed at the speed and accuracy with which the Nazis were able to identify and locate European Jewry. Until now, the pieces of this puzzle have never been fully assembled. The fact is, IBM technology was used to organize nearly everything in Germany and then Nazi Europe, from the identification of the Jews in censuses, registrations, and ancestral tracing programs to the running of railroads and organizing of concentration camp slave labor.

IBM and its German subsidiary custom-designed complex solutions, one by one, anticipating the Reich's needs. They did not merely sell the machines and walk away. Instead, IBM leased these machines for high fees and became the sole source of the billions of punch cards Hitler needed.

IBM and the Holocaust takes you through the carefully crafted corporate collusion with the Third Reich, as well as the structured deniability of oral agreements, undated letters, and the Geneva intermediaries -- all undertaken as the newspapers blazed with accounts of persecution and destruction.

Just as compelling is the human drama of one of our century's greatest minds, IBM founder Thomas Watson, who cooperated with the Nazis for the sake of profit.

Only with IBM's technologic assistance was Hitler able to achieve the staggering numbers of the Holocaust. Edwin Black has now uncovered one of the last great mysteries of Germany's war against the Jews -- how did Hitler get the names?

.................................................


Beyond the Cashless Society: IBM’s Vision for the Future

.....................................