Has the United States’ National Security Agency (NSA) really known about the Heartbleed bug (and presumably exploiting it for surveillance purposes) for two years?
And, if it’s true, would you be surprised?
Read my article on the Hot for Security blog to find out more.
It’s simply amazing how amazingly simple this XKCD cartoon is at explaining what the Heartbleed bug is all about.
Amazingly, the OpenSSL Heartbleed bug appears to have been around for about two years. Which means that – in theory at least – this gaping security hole could have been actively exploited by unauthorised parties for a long period of time.
System administrators, I hope you weren’t planning to have an easy day today?
The potentially disastrous news is that a serious security flaw has been uncovered in versions of OpenSSL’s transport layer security (TLS) protocols.