A few days ago security researchers disclosed the HeartBleed bug in the OpenSSL, but the story behind how other companies used it against their rivals was unknown until a report came out about it. In some recent reports Google has been accused of not disclosing the bug to the  Open Source community and to its rivals.

Keeping the users’ security at a stake, only a few more organizations and companies were made aware of this devastating bug, According to the Fairfax Media, the bug came in knowledge of Google on or before March 21 and then it followed a few other giants in the industry.

In a timeline of events compiled by the Fairfax Media it was clearly mentioned that the Google notified the OpenSSL about it with a delay of 11 days. The bug was brought under the notice on the April 1.  Till the bug was publicly disclosed, none of the companies including Yahoo and Amazon were aware of it and atleast for 48 hours they stayed with the vulnerability. But excluding them, the bug was notified to few other companies, including Facebook, Cloudfare, Redhat and Akamai, almost a day before it was disclosed.

Also a few days ago, Google came up with a blog post stating that the company has patched all of its major services, including YouTube and GMail, and are now secure to use. We reported that, Google in a blog post stated, “You may have heard of “Heartbleed,” a flaw in OpenSSL that could allow the theft of data normally protected by SSL/TLS encryption. We’ve assessed this vulnerability and applied patches to key Google services such as Search, Gmail, YouTube, Wallet, Play, Apps, App Engine, AdWords, DoubleClick, Maps, Maps Engine and Earth.  Google Chrome and Chrome OS are not affected. We are still working to patch some other Google services.” 

Although the company didn’t gave a direct answer, a spokesperson said, “We aren’t commenting on when or who was give a heads up. The security of our users’ information is always a top priority”. We now are forced to believe that the Google patched all of its services even before the bug was disclosed.

20 Responses

  1. Philip Fiore's TechnoBlog » Your Internet security relies on a few volunteers – CNNMoney

    […] volunteers. And only one does it as a full-time job. Their labor of love is OpenSSL, …Google was aware of HeartBleed before it was disclosedThe Westside StoryGoogle accused of being selfish and playing favourites over Heartbleed security […]

    Reply
  2. CAC1031

    I swear I thought this was just a bad translation of some foreign faux news story until I looked at the “About” for the source. A news organization in South Dakota! I know it’s a sparsely populated state, but they can’t find better writers out there than this?!

    “the bug came in knowledge of Google on or before March 21 and then it followed a few other giants in the industry.”

    “In a timeline of events compiled by the Fairfax Media it was clearly mentioned that the Google notified the OpenSSL about it with a delay of 11 days.”

    “Google came up with a blog post”

    ….to cite a few examples.

    Reply
  3. Google was aware of HeartBleed before it was disclosed – The Westside Story | dailynewscafe.net

    […] Google was aware of HeartBleed before it was disclosedThe Westside StoryA few days ago security researchers disclosed the HeartBleed bug in the OpenSSL, but the story behind how other companies used it against their rivals was unknown until a report came out about it. In some recent reports Google has been accused of not …Google accused of being selfish and playing favourites over Heartbleed security …Sydney Morning HeraldHeartbleed and sentinels of the netMontreal GazetteHow Heartbleed stirred up unease in our easy online livesEdmonton JournalThe National Law Review -Digital Trendsall 267 news articles » […]

    Reply
  4. Bruce Thomas

    I run servers so I agree with “the Google’s” decision to patch themselves first before alerting the public. What most hackers do is exploit already published flaws once they become public before everyone has a chance to update. The danger with flaws usually comes after you publish them as you give a road map for all hackers to follow. Google would have been foolish to alert the public before they had a chance to figure out a solution and applying a patch. Furthermore, as far as they knew, no one else was aware or exploiting this flaw. So why would they notify hackers about it and expose the millions of users using gmail and YouTube, etc before they had patched their servers?

    Reply
  5. Google was aware of HeartBleed before it was disclosed – The Westside Story | Newssplash.net

    […] Google was aware of HeartBleed before it was disclosedThe Westside StoryA few days ago security researchers disclosed the HeartBleed bug in the OpenSSL, but the story behind how other companies used it against their rivals was unknown until a report came out about it. In some recent reports Google has been accused of not …Google accused of being selfish and playing favourites over Heartbleed security …Sydney Morning HeraldDear Diary: A week in the life of the Heartbleed BugNational PostHow Heartbleed stirred up unease in our easy online livesCalgary HeraldThe National Law Review -Digital Trends -Hartford Businessall 258 news articles » […]

    Reply
  6. Heartbleed Update: One Full-Time Worker Maintains Our Online Security – Auto World News | Newssplash.net

    […] resourcesEconomic TimesHeartbleed Also Affects Mobile Apps and NetworkingMultichannel MerchantThe Westside Story -CNBC.comall 259 news […]

    Reply
  7. Heartbleed Update: One Full-Time Worker Maintains Our Online Security – Auto World News | Internet News 247

    […] resourcesEconomic TimesHeartbleed Also Affects Mobile Apps and NetworkingMultichannel MerchantThe Westside Story -CNBC.comall 259 news […]

    Reply
  8. Heartbleed Update: One Full-Time Worker Maintains Our Online Security – Auto World News | dailynewscafe.net

    […] resourcesEconomic TimesHeartbleed Also Affects Mobile Apps and NetworkingMultichannel MerchantThe Westside Story -CNBC.comall 259 news […]

    Reply
  9. JJ Joseph

    A certain amount of phony drama has to be fabricated, otherwise there is now “news” story.

    Reply
  10. Sblo

    Yes, of course they were aware of it before it was disclosed. It was Google engineers who discovered the bug at the beginning of April!!!

    Normal security practice was then followed by alerting those responsible for maintaining the code first, allowing sufficient time for them to come up with a fix (or validate one provided), then a staged disclosure is made to higher risk / higher profile users first, then to the public at large.

    Why do I get the feeling all the above seems to come as news to the author and editors of this piece?

    Reply
    • MGK

      The article states that Google knew about Heartbleed ‘on or before March 21’ but ‘notified the OpenSSL about it with a delay of 11 days’ on April 1. The story is Google’s delay in notifying OpenSSL so it could protect itself first and f%*k everybody else. This is exactly the OPPOSITE of the spirit of open source.

      Reply
      • glides

        11 days pretty quick turn around in comparison to basically ANY other exploit. Get the stick out of your bum

  11. Your Internet security relies on a few volunteers – CNNMoney | Newssplash.net

    […] resourcesEconomic TimesHeartbleed Also Affects Mobile Apps and NetworkingMultichannel MerchantGoogle was aware of HeartBleed before it was disclosedThe Westside StoryCNBC.com -Sydney Morning Heraldall 257 news […]

    Reply
  12. Your Internet security relies on a few volunteers – CNNMoney | dailynewscafe.net

    […] resourcesEconomic TimesHeartbleed Also Affects Mobile Apps and NetworkingMultichannel MerchantGoogle was aware of HeartBleed before it was disclosedThe Westside StoryCNBC.com -Sydney Morning Heraldall 258 news […]

    Reply
  13. Your Internet security relies on a few volunteers – CNNMoney | Internet News 247

    […] love is OpenSSL, …Heartbleed Also Affects Mobile Apps and NetworkingMultichannel MerchantGoogle was aware of HeartBleed before it was disclosedThe Westside StoryHeartbleed Internet Security Flaw Used In AttackCNBC.comSydney Morning […]

    Reply
  14. Heartbleed Also Affects Mobile Apps and Networking – Multichannel Merchant | Newssplash.net

    […] an opening in OpenSSL, the most common encryption technology on the Internet. OpenSSL …Google was aware of HeartBleed before it was disclosedThe Westside StoryHeartbleed Internet Security Flaw Used In AttackCNBC.comGoogle accused of being […]

    Reply
  15. Heartbleed Also Affects Mobile Apps and Networking – Multichannel Merchant | dailynewscafe.net

    […] an opening in OpenSSL, the most common encryption technology on the Internet. OpenSSL …Google was aware of HeartBleed before it was disclosedThe Westside StoryHeartbleed Internet Security Flaw Used In AttackCNBC.comGoogle accused of being […]

    Reply
  16. Heartbleed Also Affects Mobile Apps and Networking – Multichannel Merchant | Internet News 247

    […] an opening in OpenSSL, the most common encryption technology on the Internet. OpenSSL …Google was aware of HeartBleed before it was disclosedThe Westside StoryHeartbleed Internet Security Flaw Used In AttackCNBC.comGoogle accused of being […]

    Reply
  17. Heartbleed bug exposes OpenSSL project's meager resources – Economic Times | Internet News 247

    […] free software, …Heartbleed Also Affects Mobile Apps and NetworkingMultichannel MerchantGoogle was aware of HeartBleed before it was disclosedThe Westside StoryHeartbleed Internet Security Flaw Used In AttackCNBC.comSydney Morning […]

    Reply
  18. Heartbleed bug exposes OpenSSL project's meager resources – Economic Times | Internet News 247

    […] these volunteers, connected over the Internet, work together to build free software, …Google was aware of HeartBleed before it was disclosedThe Westside StoryHeartbleed Internet Security Flaw Used In AttackCNBC.comGoogle accused of being […]

    Reply

Leave a Reply

Your email address will not be published.