Did Google hide its knowledge of the Heartbleed Bug?
Reports suggested that the National Security Agency (NSA) may have been exploiting the Heartbleed Bug in order to grab personal information of millions of Americans. Now, reports are surfacing that Google may have known about the online bug before it was made public, putting into question the Mountain View-based search company's intentions into question.
In a series of reports, including one from Fairfax Media, Google has been accused of learning about the bug, but failing to report it to Open Source and company rivals, which many tech experts believe to be evidence that Google was exploiting the OpenSSL bug for its own purposes.
"Bodo Moeller and Adam Langley of Google commit a patch for the flaw (This is according to the timestamp on the patch file Google created and later sent to OpenSSL, which OpenSSL forwarded to Red Hat and others). The patch is then progressively applied to Google services/servers across the globe," writes Fairfax Media in a timeline of the Heartbleed Bug debacle.
It is evidence that before the bug was made public, Google had learned about it and had already begun securing its networks days before other companies were made aware of the issue.
It was not until April 1 when the bug became widespread media and public knowledge.
"Google Security notifies 'OpenSSL team members' about the flaw it has found in OpenSSL, which later becomes known as 'Heartbleed', Mark Cox at OpenSSL says on social network Google Plus, Fairfax reports.
Google has not spoken publicly about the accusations, and its press office did not respond to queries on the topic.
But the company has been proactive in its attempts to parlay any scrutiny by reassuring its users that they are not compromised and that Google has patched all its programs to be secure and void of the Heartbleed Bug.
"Key Google services including Gmail, YouTube, Wallet, Play, Apps, App Engine, AdWords, DoubleClick, Maps, Maps Engine and Earth" have all been updated and the Heartbleed bug is no longer an issue for users, says Google Product Manager Matthew O'Connor in a blog post.
The Heartbleed bug has become a major contentious issue for the public, with fears that massive amounts of personal data, including financial information, could have become compromised over the past two years as a result of the bug.
"We will continue working closely with the security research and open source communities, as doing so is one of the best ways to know how to keep our users safe," O'Connor wrote in the post.