Google Knew About Heartbleed and Didn’t Tell the US Government
Tell me again about how much we need to fear our elected government: Google Knew About Heartbleed and Didn’t Tell the Government.
Google knew about a critical flaw in Internet security, but it didn’t alert anyone in the government.
Neel Mehta, a Google engineer, first discovered “Heartbleed”—a bug that undermines the widely used encryption technology OpenSSL—some time in March. A team at the Finnish security firm Codenomicon discovered the flaw around the same time. Google was able to patch most of its services—such as email, search, and YouTube—before the companies publicized the bug on April 7.
The researchers also notified a handful of other companies about the bug before going public. The security firm CloudFlare, for example, said it fixed the flaw on March 31.
But the White House said Friday that no one in the federal government knew about the problem until April. The administration made the statement to deny an earlier Bloomberg report that the National Security Agency had been exploiting Heartbleed for years.