Later On

A blog written for those whose interests more or less match mine.

NSA’s website hacked to demonstrate a famous bug

leave a comment »

Lorenzo Franceschi-Bicchierai reports at Motherboard:

A group of researchers only needed $104 and 8 hours of Amazon’s cloud computing power to hack the NSA’s website. And their feat was made possible by a bug that, ironically, was practically created by the NSA itself and its anti-encryption policies from 20 years ago.

The NSA’s site was just the guinea pig to demonstrate a newly-disclosed internet flaw called ​FREAK.

The bug, first ​disclosed on Monday by Akamai, allows an attacker to intercept a supposedly secure connection between people using Android or Apple devices and thousands, if not millions, of websites. This gives the hackers the chance to impersonate said website and steal confidential data like passwords and logins.

Now, as crypto expert Matthew Green correctly ​pointed out, this wasn’t really a “hack.” Mounting a man-in-the-middle attack against is not the same as hacking the NSA (as an always-appropriate XKCD cartoon illustrates).


The researchers were actually just trying to make a point, and to show how dangerous this new bug is. But the choice of the target wasn’t random.

“In the current climate, it felt like the appropriate website to mount a man-in-the-middle attack on,” Karthikeyan Bhargavan, one of the lead researchers who discovered the bug, told Motherboard.

Bhargavan was obviously referring to

Continue reading.

Written by LeisureGuy

3 March 2015 at 5:17 pm

Posted in NSA, Technology

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.