> If this is true, and the NSA knew about the Heartbleed vulnerability, then how come the EFF hasn't been getting more log data showing the vulnerability being exploited against sites?
I don't know how common the "extensive TLS-layer traffic logs" the EFF is soliciting are. I know I don't collect these.
I'd imagine the NSA would use such things fairly sparingly so as to not blunt their swords. Using it willy-nilly increases the chances of someone going "huh, that's odd traffic" and discovering it.
I don't know how common the "extensive TLS-layer traffic logs" the EFF is soliciting are. I know I don't collect these.
I'd imagine the NSA would use such things fairly sparingly so as to not blunt their swords. Using it willy-nilly increases the chances of someone going "huh, that's odd traffic" and discovering it.