The NSA knew about Heartbleed bug for two years, claims report

Has the United States’ National Security Agency (NSA) really known about the Heartbleed bug (and presumably exploiting it for surveillance purposes) for two years?

And, if it’s true, would you be surprised?

Read my article on the Hot for Security blog to find out more.

Heartbleed bug explained by xkcd in a way anyone can understand

It’s simply amazing how amazingly simple this XKCD cartoon is at explaining what the Heartbleed bug is all about.

Did the Heartbleed bug leak your Yahoo password?

Amazingly, the OpenSSL Heartbleed bug appears to have been around for about two years. Which means that – in theory at least – this gaping security hole could have been actively exploited by unauthorised parties for a long period of time.

The Heartbleed bug: serious vulnerability found in OpenSSL cryptographic software library

System administrators, I hope you weren’t planning to have an easy day today?

The potentially disastrous news is that a serious security flaw has been uncovered in versions of OpenSSL’s transport layer security (TLS) protocols.