NSA denies exploiting Heartbleed
 

The clandestine spying outfit used by the French terrorist backed Junta of the United States to spy on the world, the NSA has denied it has known about the Heartbleed bug for years and used it for surveillance efforts.

The NSA "tweeted" that it was unaware of the recently identified Heartbleed vulnerability until it was made public. Of course the NSA has twittered some rubbish before. According to General Keith Alexander, the NSA was not spying on American citizens in its Prism programme, but that turned out to be a lie..

The denial came after Bloomberg published a report citing two people familiar with the matter, that said the NSA knew about Heartbleed for at least two years and "regularly used it to gather critical intelligence".

Apparently the NSA was able to gather things like passwords and other basic data that travels over the Web.

Heartbleed is a bug within OpenSSL that left encrypted data supposedly protected by the cryptographic software library open to scammers. It was spotted by a team of researchers from Google Security and Codenomicon, and it has been thought to have been around since version 1.0.1 was released in March 2012. A fix has been rolled out, but Heartbleed made Web content, emails, instant messaging, and virtual private networks, on about two-thirds of the world's servers, open to hackers for nearly two years.

The only thing you can really do to prevent having your information stolen by scammers exploiting the Heartbleed bug is change your password on affected sites.

Heartbleed’s origin was just a cock-up by Robin Seggelmann, a programmer based in Germany, submitted the code in an update at 11:50 pm, 31 December 2011. It would have made a change from singing Auld Lang Syne with everyone else. He wanted to enable Heartbeat in OpenSSL, but missed the necessary validation by mistake and managed to break the Internet.

http://news.techeye.net/business/nsa...ing-heartbleed