The Heartbleed bug has making a lot of waves recently and for those unfamiliar, it’s a vulnerability with the OpenSSL technology that could have potentially affected at least two-thirds of the internet, since many web services and online companies take advantage of the technology and implement it on their websites.
Now this vulnerability has been around for years but it was only recently that it was discovered, or was it? According to Bloomberg, they cite “two people familiar with the matter” who claims that this is actually an issue that the NSA has discovered and has exploited the flaw for years. They claim that the NSA has since been using this flaw to gather critical intelligence and have been doing so on a regular basis.
Apparently they wanted to keep the bug a secret in pursuit of national security interests, or at least that’s the claims that are being made. Naturally the NSA has since denied this and in a response to the report on Bloomberg, they have come forward and stated that they did not know about the Heartbleed vulnerability until the flaw was made public by a security report.
Given that the NSA’s practices have been revealed by Edward Snowden, practices which many did not expect, we’re sure many are finding it hard to take the NSA at their word. In any case the folks at Mashable have compiled a pretty extensive list of websites that may or may not have been affected by the bug, so if you’d like to see if the websites you frequent could have been affected, head on over to Mashable for the details.
Filed in Heartbleed, Nsa and Security.
. Read more about