The NSA's denial it knew about or exploited the Heartbleed bug raises an obvious question: does it exploit similar flaws?
The answer, according to The New York Times, is yes.
Quoting ”senior administration officials”, the paper says US President Barack Obama considered what the NSA should do if it becomes aware of a vulnerability that could help its activities. His decision led to the creation of “... a broad exception for 'a clear national security or law enforcement need'.”
Just how broad is not explained and was not revealed to the Times.
It is widely believed that exploiting 0-days is a common technique among intelligence agencies the world over. For the USA to deny itself such a tool would therefore be odd.
But without knowing just where Obama has drawn the line it is hard to know if his policies to curb the NSA's excesses can be taken seriously. ®