undefined | Better HN

0 pointsscott_karana11y ago0 comments

No, Snowden's files predate the public knowledge of the vulnerability.

As far as I know, we presently have no way of determining whether or not the NSA had knowledge of the bug.

From the CVE[1], we see that OpenSSL versions from the very start in 2012[2] were vulnerable.

1 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-01...

2 http://www.openssl.org/source/ (Jan 3 14:41:35 2012 openssl-1.0.1-beta1.tar.gz)

0 comments

Snowden's files predate the existence of the vulnerability. Many of his files were years old when he exfiltrated them. This vulnerability was created by a specific check-in that has been identified. That does not, of course, mean the NSA didn't use it, or even create it. Both are possible.

scott_karanaOP11y ago

Oh, I see what you mean. Fair point.

(It's a wide time range of files he's released so far though, right?)

saraid21611y ago

You'd think that, if any of his files actually covered such a possibility, he would have released that file by now.

j / k navigate · click thread line to collapse