The NSA must have security vulnerabilities that the service is discovered, in most cases, reveal, and not abuse it. That has the Us president Obama decided. However, there is an exception for domestic security and law enforcement’.
Obama would make the decision, whose impact should therefore prove to be, already in January have taken. A committee that the powers of the NSA under the microscope in nam, commanded at that time to the NSA no longer vulnerabilities in encryption systems to build. In addition, zero-day vulnerabilities for which no patch is available, need to be patched instead of abused.
Friday reported an American news agency that the NSA has been two years of abuse would have made Heartbleed, a bug in OpenSSL which has the consequence that clients sharing the internal memory of a vulnerable server can read. The NSA would the bug still have held that the bug was not patched, and lasting could be abused. The NSA itself denies that. Recently, the bug still discovered and patched.
U.s. government officials are critical of the decision of Obama. They are signs that foreign governments as that of Russia and China, the example of the United States will not follow and that the abuse of unpatched vulnerabilities can lead to a war is prevented. Previously abused the NSA zero-day leak at an Iranian nuclear facility to interfere with the Stuxnet virus.
Incidentally, the NSA is already patched vulnerabilities also continue to abuse: many computer users update their software.